.\" $OpenBSD: script.7,v 1.4 2007/05/31 19:19:58 jmc Exp $
.\"
.\" $NetBSD: script.7,v 1.1 2005/05/07 02:20:34 perry Exp $
.\" $DragonFly: src/share/man/man7/script.7,v 1.1 2007/12/21 22:14:04 swildner Exp $
.\"
.\" Copyright (c) 2005 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This document was originally contributed to The NetBSD Foundation
.\" by Perry E. Metzger of Metzger, Dowdeswell & Co. LLC.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"      This product includes software developed by the NetBSD
.\"      Foundation, Inc. and its contributors.
.\" 4. Neither the name of The NetBSD Foundation nor the names of its
.\"    contributors may be used to endorse or promote products derived
.\"    from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd December 21, 2007
.Dt SCRIPT 7
.Os
.Sh NAME
.Nm script
.Nd interpreter script execution
.Sh DESCRIPTION
The system is capable of treating a text file containing commands
intended for an interpreter, such as
.Xr sh 1
or
.Xr awk 1 ,
as an executable program.
.Pp
An
.Dq interpreter script
is a file which has been set executable (see
.Xr chmod 2 )
and which has a first line of the form:
.Pp
.D1 Li #! Ar pathname Op Ar argument
.Pp
The
.Sq #!
must appear as the first two characters of the file.
A space between the
.Sq #!
and
.Ar pathname
is optional.
At most one
.Ar argument
may follow
.Ar pathname ,
and the length of the entire line is limited (see below).
.Pp
If such a file is executed (such as via the
.Xr execve 2
system call), the interpreter specified by the
.Ar pathname
is executed by the system.
(The
.Ar pathname
is executed without regard to the
.Ev PATH
variable, so in general
.Ar pathname
should be an absolute path.)
.Pp
The arguments passed to the interpreter will be as follows.
.Va argv[0]
will be the path to the interpreter itself, as specified on the first
line of the script.
If there is an
.Ar argument
following
.Ar pathname
on the first line of the script, it will be passed as
.Va argv[1] .
The subsequent elements of
.Va argv
will be the path to the interpreter script file itself (i.e. the
original
.Va argv[0] )
followed by any further arguments passed when
.Xr execve 2
was invoked to execute the script file.
.Pp
By convention, it is expected that an interpreter will open the script
file passed as an argument and process the commands within it.
Typical interpreters treat
.Sq #
as a comment character, and thus will ignore the initial line of the script
because it begins
.Sq #! ,
but there is no requirement for this per se.
.Pp
On
.Dx ,
the length of the
.Sq #!
line, excluding the
.Sq #!
itself, is limited to
.Dv PATH_MAX
(as defined in
.Aq Pa limits.h ) .
Other operating systems impose different limits on the length of
the
.Sq #!
line (see below).
.Pp
Note that the interpreter may not itself be an interpreter script.
If
.Ar pathname
does not point to an executable binary, execution of the interpreter
script will fail.
.Ss Trampolines and Portable Scripts
Different operating systems often have interpreters located in
different locations, and the kernel executes the passed interpreter
without regard to the setting of environment variables such as
.Ev PATH .
This makes it somewhat challenging to set the
.Sq #!
line of a script so that it will run identically on different systems.
.Pp
Since the
.Xr env 1
utility executes a command passed to it on its command line, it is
often used as a
.Dq trampoline
to render scripts portable.
If the leading line of a script reads
.Pp
.Dl #! /usr/bin/env interp
.Pp
then the
.Xr env 1
command will execute the
.Dq interp
command it finds in its
.Ev PATH ,
passing on to it all subsequent arguments with which it itself was called.
Since
.Pa /usr/bin/env
is found on almost all
.Tn POSIX
style systems, this trick is frequently exploited by authors who need
a script to execute without change on multiple systems.
.Ss Historical Note: Scripts without `#!'
Shell scripts predate the invention of the
.Sq #!
convention, which is implemented in the kernel.
In the days of
.At v7 ,
there was only one interpreter used on the system,
.Pa /bin/sh ,
and the shell treated any file that failed to execute with an
.Er ENOEXEC
error
(see
.Xr intro 2 )
as a shell script.
.Pp
Most shells (such as
.Xr sh 1 )
and certain other facilities (including
.Xr execlp 3
and
.Xr execvp 3
but not other types of
.Xr exec 3
calls) still pass
interpreter scripts that do not include the
.Sq #!
(and thus fail to execute with
.Er ENOEXEC )
to
.Pa /bin/sh .
.Pp
As this behavior is implemented outside the kernel, there is no
mechanism that forces it to be respected by all programs that execute
other programs.
It is thus not completely reliable.
It is therefore important to always include
.Pp
.Dl #!/bin/sh
.Pp
in front of Bourne shell scripts, and to treat the traditional
behavior as obsolete.
.Sh EXAMPLES
Suppose that an executable binary exists in
.Pa /bin/interp
and that the file
.Pa /tmp/script
contains:
.Bd -literal -offset indent
#!/bin/interp -arg

[...]
.Ed
.Pp
and that
.Pa /tmp/script
is set mode 755.
.Pp
Executing
.Pp
.Dl $ /tmp/script one two three
.Pp
at the shell will result in
.Pa /bin/interp
being executed, receiving the following arguments in
.Va argv
(numbered from 0):
.Bd -ragged -offset indent
.Qq /bin/interp ,
.Qq "-arg" ,
.Qq /tmp/script ,
.Qq one ,
.Qq two ,
.Qq three
.Ed
.Ss Portability Note: Multiple arguments
The behavior of multiple arguments on the
.Sq #!
line is highly non-portable between different systems.
In general, only one argument can be assumed to work consistently.
.Pp
Consider the following variation on the previous example.
Suppose that an executable binary exists in
.Pa /bin/interp
and that the file
.Pa /tmp/script
contains:
.Bd -literal -offset indent
#!/bin/interp -x -y

[...]
.Ed
.Pp
and that
.Pa /tmp/script
is set mode 755.
.Pp
Executing
.Pp
.Dl $ /tmp/script one two three
.Pp
at the shell will result in
.Pa /bin/interp
being executed, receiving the following arguments in
.Va argv
(numbered from 0):
.Bd -ragged -offset indent
.Qq /bin/interp ,
.Qq "-x -y" ,
.Qq /tmp/script ,
.Qq one ,
.Qq two ,
.Qq three
.Ed
.Pp
Note that
.Qq "-x -y"
will be passed on
.Dx
as a single argument.
.Pp
Although most
.Tn POSIX
style operating systems will pass only one
.Ar argument ,
the behavior when multiple arguments are included is not
consistent between platforms.
Some, such as
.Dx ,
will concatenate multiple arguments into a single argument (as above),
some will truncate them, and at least one will pass them as multiple
arguments.
.Pp
The
.Dx
behavior is common but not universal.
Sun's
.Tn Solaris
would present the above argument as
.Qq -x ,
dropping the
.Qq " -y"
entirely.
Perhaps uniquely, recent versions of Apple's
.Tn OS X
will actually pass multiple arguments properly, i.e.:
.Bd -ragged -offset indent
.Qq /bin/interp ,
.Qq -x ,
.Qq -y ,
.Qq /tmp/script ,
.Qq one ,
.Qq two ,
.Qq three
.Ed
.Pp
The behavior of the system in the face of multiple arguments is thus
not currently standardized, should not be relied on, and may be
changed in future releases.
In general, pass at most one argument, and do not rely on multiple
arguments being concatenated.
.Sh SEE ALSO
.Xr awk 1 ,
.Xr csh 1 ,
.Xr sh 1 ,
.Xr chmod 2 ,
.Xr execve 2 ,
.Xr intro 2 ,
.Xr execlp 3 ,
.Xr execvp 3
.Sh STANDARDS
The behavior of interpreter scripts is obliquely referred to, but
never actually described in,
.St -p1003.1-2004 .
.Pp
The behavior is partially (but not completely) described in the
.St -svid4 .
.Pp
Although it has never been formally standardized, the behavior
described is largely portable across
.Tn POSIX
style systems, with two significant exceptions: the maximum length of the
.Sq #!
line, and the behavior if multiple arguments are passed.
Please be aware that the behavior in the
face of multiple arguments is not consistent across systems.
.Sh HISTORY
The behavior of the kernel when encountering scripts that start in
.Sq #!
was not present in
.At v7 .
A Usenet posting to net.unix by Guy Harris on October 16, 1984 claims
that the idea for the
.Sq #!
behavior was first proposed by Dennis Ritchie but that the first
implementation was on
.Bx .
.Pp
Historical manuals (specifically the exec man page) indicate that the
behavior was present in
.Bx 4
at least as early as April, 1981.
Information on precisely when it was first implemented, and in which
version of
.Ux ,
is solicited.
.Sh CAVEATS
Numerous security problems are associated with setuid interpreter
scripts.
.Pp
In addition to the fact that many interpreters (and scripts) are
simply not designed to be robust in a setuid context, a race condition
exists between the moment that the kernel examines the interpreter
script file and the moment that the newly invoked interpreter opens
the file itself.
.Pp
Subtle techniques can be used to subvert even seemingly well written scripts.
Scripts executed by Bourne type shells can be subverted in numerous
ways, such as by setting the
.Ev IFS
variable before executing the script.
Other interpreters possess their own vulnerabilities.
Setting the Set-user-ID on execution (SUID) bit
is therefore very dangerous, and should not be done lightly, if at all.
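.Pp
The argv layouts shown in EXAMPLES and in the multiple-arguments portability note can be reproduced in user space.
The C below is an added example, not code from the original page or from any kernel; sb_build(), the mode names, SB_MAXLINE (standing in for the PATH_MAX limit) and the dropping of trailing blanks are assumptions.

```c
/* Added example: user-space model of "#!" argv construction (not kernel code).
 * Per the page: DragonFly concatenates, Solaris truncates, OS X splits. */
#include <stdio.h>
#include <string.h>
enum sb_mode { SB_CONCAT, SB_TRUNCATE, SB_SPLIT };
#define SB_MAXARGV 32
#define SB_MAXLINE 1024	/* assumed stand-in for the PATH_MAX limit */
struct sb_argv {
	char line[SB_MAXLINE];	/* private copy; interpreter words point here */
	int argc;
	const char *argv[SB_MAXARGV];
};
/* Constructed sample: extra arguments from "/tmp/script one two three". */
static const char *const SB_SAMPLE[] = { "one", "two", "three", NULL };
static char *skip_blanks(char *p) { while (*p == ' ' || *p == '\t') p++; return p; }
/* NUL-terminate the word at p and return the start of the next word. */
static char *cut_word(char *p)
{
	while (*p && *p != ' ' && *p != '\t') p++;
	if (*p) *p++ = '\0';
	return skip_blanks(p);
}

/* Returns 0 on success, -1 if first_line is not a usable "#!" line. */
int sb_build(const char *first_line, enum sb_mode mode, const char *script,
    const char *const *extra, struct sb_argv *out)
{
	size_t n = strcspn(first_line, "\n");
	char *p;
	if (n < 2 || first_line[0] != '#' || first_line[1] != '!') return -1;
	n -= 2;
	if (n >= sizeof(out->line)) return -1;	/* "#!" line too long */
	memcpy(out->line, first_line + 2, n);
	while (n > 0 && (out->line[n - 1] == ' ' || out->line[n - 1] == '\t'))
		n--;		/* assumption: trailing blanks are dropped */
	out->line[n] = '\0';
	p = skip_blanks(out->line);	/* a blank after "#!" is optional */
	if (*p == '\0') return -1;	/* no pathname */
	out->argc = 0;
	out->argv[out->argc++] = p;	/* argv[0]: interpreter path */
	for (p = cut_word(p); *p && out->argc < SB_MAXARGV - 1; ) {
		out->argv[out->argc++] = p;
		if (mode == SB_CONCAT) break;	/* remainder stays one argument */
		p = cut_word(p);
		if (mode == SB_TRUNCATE) break;	/* later words are dropped */
	}
	if (out->argc < SB_MAXARGV - 1) out->argv[out->argc++] = script;
	for (; extra && *extra && out->argc < SB_MAXARGV - 1; extra++)
		out->argv[out->argc++] = *extra;
	out->argv[out->argc] = NULL;
	return 0;
}

int main(void)
{
	struct sb_argv a;
	for (int m = SB_CONCAT; m <= SB_SPLIT; m++) {
		if (sb_build("#!/bin/interp -x -y\n", m, "/tmp/script", SB_SAMPLE, &a)) return 1;
		for (int i = 0; i < a.argc; i++)
			printf("%s\"%s\"", i ? ", " : "", a.argv[i]);
		putchar('\n');
	}
	return 0;
}
```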
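.Pp
Given the problems listed in CAVEATS, an audit can look for executable files that both begin with #! and carry the set-user-ID or set-group-ID bit.
The C below is an added example, not code from the original page or from any system utility; the function names is_setid_script() and audit_path() are hypothetical.

```c
/* Added example: flag set-id interpreter scripts (function names are hypothetical). */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure test on a file mode and the first bytes read from that same file. */
int is_setid_script(mode_t mode, const unsigned char *head, size_t n)
{
	if (!S_ISREG(mode))
		return 0;
	if ((mode & (S_ISUID | S_ISGID)) == 0)
		return 0;		/* no set-user-ID or set-group-ID bit */
	if ((mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0)
		return 0;		/* nobody can execute it */
	return n >= 2 && head[0] == '#' && head[1] == '!';
}

/* Returns 1 if path is a set-id "#!" script, 0 if not, -1 on error.
 * Symbolic links are not followed and are reported as errors. */
int audit_path(const char *path)
{
	unsigned char head[2];
	struct stat st;
	ssize_t n;
	int fd, r = -1;

	/* Open first, then fstat(2) the descriptor, so the mode and the
	 * bytes come from one file even if the name is re-pointed meanwhile. */
	fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
	if (fd < 0)
		return -1;
	if (fstat(fd, &st) == 0) {
		if (!S_ISREG(st.st_mode))
			r = 0;
		else if ((n = read(fd, head, sizeof(head))) >= 0)
			r = is_setid_script(st.st_mode, head, (size_t)n);
	}
	close(fd);
	return r;
}

/* Usage: pass candidate paths as arguments; exit status 1 if any is flagged. */
int main(int argc, char **argv)
{
	int i, found = 0;

	for (i = 1; i < argc; i++) {
		int r = audit_path(argv[i]);
		if (r < 0)
			perror(argv[i]);
		else if (r == 1) {
			printf("set-id script: %s\n", argv[i]);
			found++;
		}
	}
	return found ? 1 : 0;
}
```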