KAUTH_FILEOP_EXEC and interpreted scripts
- Subject: KAUTH_FILEOP_EXEC and interpreted scripts
- From: Arno Hautala <email@hidden>
- Date: Wed, 12 Apr 2006 23:19:27 -0400
Hei,
I was looking into the KAUTH_SCOPE_FILEOP notifications and ran into
a possible inconsistency with the KAUTH_FILEOP_EXEC notification.
The documentation (TN 2127 at
http://developer.apple.com/technotes/tn2005/tn2127.html) states of the
vnode_t and char pointer: "...for interpreted scripts, such as shell or
perl scripts, this is the script, not the interpreter)." In other words
the path will refer to the executed script and you'll see a
KAUTH_FILEOP_EXEC for ~/bin/script.sh and not /bin/sh.
However, in my testing (using
http://developer.apple.com/samplecode/KauthORama/listing1.html) it seems
that an EXEC is not announced for interpreted scripts.
I would expect that a script like:
#!/bin/sh
curl apple.com
should produce a variety of KAUTH_FILEOP_OPEN and KAUTH_FILEOP_CLOSE,
which do appear, but also two KAUTH_FILEOP_EXEC notifications. One
for the script, and a second for curl. In practice I'm only seeing
one for curl. I see the same behavior for perl scripts.
Are there other semantics dictating when KAUTH_FILEOP_EXEC is posted or
is this a bug with kauth?
Because the script IS opened I can always look for KAUTH_FILEOP_OPEN
notifications, but it'd be much nicer to only process
KAUTH_FILEOP_EXECs.
Any help on this is appreciated.
-- --
arno s. hautala /-\ email@hidden
-- --
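An added example, not part of the original post or of Apple's sample code: a listener with the KAUTH_SCOPE_FILEOP callback signature records the paths delivered with KAUTH_FILEOP_EXEC, and a helper counts the expected executables that never produced one, which is the coverage gap the post describes. The typedefs are user-space stand-ins so the logic builds outside a kext, and the event sequence and both paths are constructed to mirror the reported behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* User-space stand-ins (assumption) so the listener logic builds outside a
   kext; action values and callback signature mirror <sys/kauth.h>. */
typedef void *kauth_cred_t;
typedef int kauth_action_t;
enum { KAUTH_FILEOP_OPEN = 1, KAUTH_FILEOP_CLOSE = 2, KAUTH_FILEOP_EXEC = 6 };
enum { KAUTH_RESULT_DEFER = 3 };

#define MAX_EXEC 8
static char exec_paths[MAX_EXEC][256];  /* paths delivered with KAUTH_FILEOP_EXEC */
static int exec_count;

/* KAUTH_SCOPE_FILEOP listener: for EXEC, arg0 is the vnode and arg1 the path. */
static int fileop_listener(kauth_cred_t cred, void *idata, kauth_action_t action,
                           uintptr_t arg0, uintptr_t arg1,
                           uintptr_t arg2, uintptr_t arg3)
{
    (void)cred; (void)idata; (void)arg0; (void)arg2; (void)arg3;
    if (action == KAUTH_FILEOP_EXEC && arg1 != 0 && exec_count < MAX_EXEC)
        snprintf(exec_paths[exec_count++], sizeof exec_paths[0], "%s",
                 (const char *)arg1);
    return KAUTH_RESULT_DEFER;  /* file-op events are notifications only */
}

/* Count expected executables (no duplicates) with no recorded EXEC event. */
static int missing_exec(const char *const expected[], int n)
{
    int missing = n;
    for (int i = 0; i < n; i++)
        for (int j = 0; j < exec_count; j++)
            if (strcmp(expected[i], exec_paths[j]) == 0) { missing--; break; }
    return missing;
}

/* Replays a constructed event sequence shaped like the post's observation. */
static int replay_observed(void)
{
    const char *script = "/Users/test/bin/script.sh", *curl = "/usr/bin/curl";
    const char *const expected[] = { script, curl };
    exec_count = 0;
    fileop_listener(NULL, NULL, KAUTH_FILEOP_OPEN, 0, (uintptr_t)script, 0, 0);
    fileop_listener(NULL, NULL, KAUTH_FILEOP_CLOSE, 0, (uintptr_t)script, 0, 0);
    fileop_listener(NULL, NULL, KAUTH_FILEOP_EXEC, 0, (uintptr_t)curl, 0, 0);
    return missing_exec(expected, 2);  /* 1: the script never got an EXEC */
}

int main(void) { return replay_observed() == 1 ? 0 : 1; }
```

In a real kext the same callback would be registered with kauth_listen_scope(KAUTH_SCOPE_FILEOP, ...), and the expected list would come from a test harness that launches known scripts.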