develooper Front page | perl.perl5.porters | Postings from January 2012

Re: Shebang line parsing mystery

Thread Previous | Thread Next
Rafael Garcia-Suarez
January 17, 2012 06:34
Re: Shebang line parsing mystery
Message ID:
On 17 January 2012 14:32, Andy Dougherty <> wrote:
> On Tue, 17 Jan 2012, Andy Dougherty wrote:
>> On Mon, 16 Jan 2012, Rafael Garcia-Suarez wrote:
>> If I recall correctly, 'indir' was a program designed to indirectly
>> execute other programs.  My recollection is that it was supposed to be
>> particularly useful in setuid situations where the OS didn't natively
>> provide you much help, and/or perhaps in situations where the OS kernel
>> limited you to 32 character command lines.
> Ah, here it is:

I am impressed ! Thanks for digging that out.
I'll push (later) a patch to remove the "indir" special-case.
As for the decision of deprecating (or cutting off) the whole
exec-what's-on-the-shebang functionality, I'll wait for informed

> Here is the basic description:
> Subject:  v21i031:  Safe way to run setuid shell scripts
> Newsgroups: comp.sources.unix
> Approved: rsalz@uunet.UU.NET
> X-Checksum-Snefru: 4f572b9c 2ce9cfdd 5b62cea8 69ef7415
> Submitted-by: Maarten Litmaath <>
> Posting-number: Volume 21, Issue 31
> Archive-name: indir
> Suppose you want everyone to be able to remove some lockfile, but you don't
> want its directory to be world-writable.  Isn't it ridiculous you'd have to
> write a setuid C program to do the equivalent of the following shell script?
>        #!/bin/sh
>        /bin/rm /some/directory/lockfile
> The problem: making this shell script setuid creates a security hole (see
> the file `setuid.txt').  The solution: indir(1).  Using this program the
> script would be setuid and look like this:
>        #!/bin/indir -u
>        #?/bin/sh /safe/path/to/this/script
>        /bin/rm /some/directory/lockfile
> --
>    Andy Dougherty    

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About