perl.perl5.porters | Postings from January 2012

Re: Shebang line parsing mystery

Andy Dougherty
January 17, 2012 05:32
On Tue, 17 Jan 2012, Andy Dougherty wrote:

> On Mon, 16 Jan 2012, Rafael Garcia-Suarez wrote:

> If I recall correctly, 'indir' was a program designed to indirectly 
> execute other programs.  My recollection is that it was supposed to be 
> particularly useful in setuid situations where the OS didn't natively 
> provide you much help, and/or perhaps in situations where the OS kernel 
> limited you to 32 character command lines.

Ah, here it is:

Here is the basic description:

Subject:  v21i031:  Safe way to run setuid shell scripts
Newsgroups: comp.sources.unix
Approved: rsalz@uunet.UU.NET
X-Checksum-Snefru: 4f572b9c 2ce9cfdd 5b62cea8 69ef7415

Submitted-by: Maarten Litmaath <>
Posting-number: Volume 21, Issue 31
Archive-name: indir

Suppose you want everyone to be able to remove some lockfile, but you don't
want its directory to be world-writable.  Isn't it ridiculous you'd have to
write a setuid C program to do the equivalent of the following shell script?

	/bin/rm /some/directory/lockfile

The problem: making this shell script setuid creates a security hole (see
the file `setuid.txt').  The solution: indir(1).  Using this program the
script would be setuid and look like this:

	#!/bin/indir -u
	#?/bin/sh /safe/path/to/this/script
	/bin/rm /some/directory/lockfile

    Andy Dougherty
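
Added example, not part of the original message and not indir's source: a C sketch of checks a wrapper could make on the two header lines quoted above, parsing the `#?` line and confirming that the file actually opened is the regular file that line names. The function names `parse_header` and `same_file` are hypothetical, and requiring exactly two fields on the `#?` line is a simplifying assumption.

```c
/* Added illustration only: validates an indir-style two-line header.
   The checks are assumptions for this sketch, not indir's own logic. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Parse "#!<wrapper> ..." and "#?<interpreter> <script-path>".
   Returns 0 and fills interp/path only if both names are absolute. */
int parse_header(const char *l1, const char *l2,
                 char interp[256], char path[256])
{
    char extra;
    if (strncmp(l1, "#!/", 3) != 0 || strncmp(l2, "#?", 2) != 0)
        return -1;
    /* Simplification: exactly two fields, anything more is rejected. */
    if (sscanf(l2 + 2, " %255s %255s %c", interp, path, &extra) != 2)
        return -1;
    if (interp[0] != '/' || path[0] != '/')
        return -1;              /* relative names depend on cwd or PATH */
    return 0;
}

/* Returns 1 if the already-open descriptor is the same regular file
   the declared path names right now (lstat, so a symlink is refused). */
int same_file(int fd, const char *declared)
{
    struct stat a, b;
    if (fstat(fd, &a) != 0 || lstat(declared, &b) != 0)
        return 0;
    return S_ISREG(b.st_mode) &&
           a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

int main(void)
{
    char interp[256] = "", path[256] = "";
    /* Header lines as shown in the quoted posting. */
    int rc = parse_header("#!/bin/indir -u\n",
                          "#?/bin/sh /safe/path/to/this/script\n",
                          interp, path);
    printf("rc=%d interpreter=%s script=%s\n", rc, interp, path);
    return rc != 0;
}
```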
