[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: (OT) exec nonreadable shell scripts



On Wed, Jan 10, 2001 at 10:42:22AM -0800, brian moore wrote:
> On Wed, Jan 10, 2001 at 06:24:33PM +0000, Rick wrote:
> > sorry for off-topic, but I've been banging my head trying to set up shell
> > scripts that can be executed but not read by a user.  
> 
> Not doable.
> 
> The shell needs to read them in order to execute them.

actually the correct phrase is `not doable under linux'  mode 111
shell scripts work fine on OpenBSD and perhaps other *nixes.  

> (Well, you could do something REALLY evil like suid wrappers switching
> them to a user id that could read the script.... but that is ugly.)

very and really not worth it, there are many places where what the
script is doing will leak out (/proc for example).  its better to
write the script correctly and securely so that there is nothing to
hide.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgp0lXOV1cihU.pgp
Description: PGP signature


Reply to: