diff options
| author | Kaz Kylheku <kaz@kylheku.com> | 2016-05-05 06:38:59 -0700 |
|---|---|---|
| committer | Kaz Kylheku <kaz@kylheku.com> | 2016-05-05 06:38:59 -0700 |
| commit | b897159ece19148faf414aec5fb6b7baac0fa301 (patch) | |
| tree | d22a8d1dcc26deb7f33424fe6875079c6bc28627 /txr.1 | |
| parent | 7de3d60457b9746b31781522be6ea9e0b1438a86 (diff) | |
| download | txr-b897159ece19148faf414aec5fb6b7baac0fa301.tar.gz txr-b897159ece19148faf414aec5fb6b7baac0fa301.tar.bz2 txr-b897159ece19148faf414aec5fb6b7baac0fa301.zip | |
New --reexec option.
This helps with setuid hash bang scripting on Mac OS,
and other plaforms where the interpreter executed out
of a hash bang script runs with orinary privilege,
even if marked setuid.
* sysif.c (exec_wrap): Static function turns extern.
* sysif.h (exec-wrap): Declared.
* txr.1: Documented --reexec. Added notes about setuid under
Hash Bang Support.
* txr.c (help): List --reexec option.
(txr_main): Implement --reexec option.
Diffstat (limited to 'txr.1')
| -rw-r--r-- | txr.1 | 28 |
1 files changed, 28 insertions, 0 deletions
@@ -757,6 +757,26 @@ or .code -P options. +.coIP --reexec +On platforms which support the POSIX +.code exec +family of functions, this option causes \*(TX to re-execute itself. +The re-executed image receives the remaining arguments which follow +the +.code --reexec +argument. Note: this option is useful for supporting setuid operation in +"hash hang" scripts. On some platforms, the interpreter designated by +a "hash bang" script runs without altered privilege, even if that +interpreter is installed setuid. If the interpreter is executed directly, +then setuid applies to it, but not if it is executed via "hash bang". +If the +.code --reexec +option is used in the interpreter command line of such a script, the +interpreter will re-execute itself, thereby gaining the setuid privilege. +The re-executed image will then obtain the script name from the arguments +which are passed to it and determine whether that script will run setuid. +See the section SETUID/SETGID OPERATION. + .coIP --gc-debug This option enables a behavior which stresses the garbage collector with frequent garbage collection requests. The purpose is to make it more likely @@ -1101,6 +1121,14 @@ script name is inserted anywhere among them, possibly multiple times. Arguments for the interpreter can be encoded, as well as arguments to be processed by the script. +\*(TX supports setuid hash bang scripting, even on platforms that do not +support setuid and setgid attributes on hash bang scripts. On such +platforms, \*(TX has to be installed setuid/setgid. See the section +SETUID/SETGID OPERATION. On some platforms, it may also be necessary to +to use the +.code --reexec +option. + .SS* Whitespace Outside of directives, whitespace is significant in \*(TX queries, and represents a pattern match for whitespace in the input. An extent of text consisting of |