KAUTH_FILEOP_EXEC and interpreted scripts
Hei,

I was looking into the KAUTH_SCOPE_FILEOP notifications and ran into a possible inconsistency with the KAUTH_FILEOP_EXEC notification.

The documentation (TN 2127 at http://developer.apple.com/technotes/tn2005/tn2127.html) states of the vnode_t and char pointer: "...for interpreted scripts, such as shell or perl scripts, this is the script, not the interpreter)." In other words the path will refer to the executed script and you'll see a KAUTH_FILEOP_EXEC for ~/bin/script.sh and not /bin/sh.

However, in my testing (using http://developer.apple.com/samplecode/KauthORama/listing1.html) it seems that an EXEC is not announced for interpreted scripts.

I would expect that a script like:

    #!/bin/sh
    curl apple.com

should produce a variety of KAUTH_FILEOP_OPEN and KAUTH_FILEOP_CLOSE, which do appear, but also two KAUTH_FILEOP_EXEC notifications. One for the script, and a second for curl. In practice I'm only seeing one for curl. I see the same behavior for perl scripts.

Are there other semantics dictating when KAUTH_FILEOP_EXEC is posted or is this a bug with kauth?

Because the script IS opened I can always look for KAUTH_FILEOP_OPEN notifications, but it'd be much nicer to only process KAUTH_FILEOP_EXECs.

Any help on this is appreciated.

--
arno s. hautala    /-\    arno@alum.wpi.edu
Participants (1): Arno Hautala
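
The fallback mentioned in the message, watching KAUTH_FILEOP_OPEN instead of KAUTH_FILEOP_EXEC, needs a way to decide whether an opened file is an interpreted script. The following is an added example, not part of the original post or of Apple's sample code: a portable user-space C helper that checks the first bytes of a file for a "#!" line and extracts the interpreter path. The name script_interpreter and the sample buffers are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example; script_interpreter is a hypothetical helper name.
 * buf/len: the first bytes of a file that was reported as opened.
 * Returns 1 and stores the interpreter path in out when buf starts with a
 * "#!" line, 0 when it is not an interpreted script, and -1 when the
 * interpreter path does not fit in out. */
int script_interpreter(const char *buf, size_t len, char *out, size_t outsz)
{
    size_t i = 2, start, n;

    if (len < 3 || buf[0] != '#' || buf[1] != '!')
        return 0;
    while (i < len && (buf[i] == ' ' || buf[i] == '\t'))
        i++;                       /* "#! /bin/sh" is also accepted */
    start = i;
    while (i < len && buf[i] != ' ' && buf[i] != '\t' &&
           buf[i] != '\n' && buf[i] != '\r' && buf[i] != '\0')
        i++;                       /* path ends at whitespace or end of line */
    n = i - start;
    if (n == 0)
        return 0;                  /* "#!" with nothing after it */
    if (n >= outsz)
        return -1;                 /* refuse to truncate the path */
    memcpy(out, buf + start, n);
    out[n] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed sample headers, not captured data. */
    static const char script[] = "#!/bin/sh\ncurl apple.com\n";
    static const char perl[]   = "#! /usr/bin/perl -w\nprint 1;\n";
    static const char binary[] = "\xcf\xfa\xed\xfe\x07\x00\x00\x01";
    const char *samples[] = { script, perl, binary };
    size_t lens[] = { sizeof script - 1, sizeof perl - 1, sizeof binary - 1 };
    char interp[256];

    for (int k = 0; k < 3; k++) {
        int r = script_interpreter(samples[k], lens[k], interp, sizeof interp);
        printf("sample %d: %s\n", k, r == 1 ? interp : "not a script");
    }
    return 0;
}
```

A monitor would log both the script path from the open event and the interpreter path returned here, since the exec notification observed in the message names only the program the script launches.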