Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84 SMI; site sun.uucp
Path: utzoo!watmath!clyde!burl!ulysses!ucbvax!decvax!decwrl!sun!guy
From: guy@sun.uucp (Guy Harris)
Newsgroups: net.unix
Subject: Re: inconsistency on read/execute permissions for shell procedures
Message-ID: <2395@sun.uucp>
Date: Mon, 8-Jul-85 06:30:31 EDT
Article-I.D.: sun.2395
Posted: Mon Jul 8 06:30:31 1985
Date-Received: Thu, 11-Jul-85 00:21:49 EDT
References: <761@wanginst.UUCP>
Distribution: net
Organization: Sun Microsystems, Inc.
Lines: 14

Programs and other executable files are not really equivalent; the UNIX documentation over-simplifies. The UNIX kernel does the "reading" of programs (it reads them into a process' address space and then hands control to the code it read in), and since the kernel is not subject to regular UNIX permission checking (it enforces those permissions, but since it has the skeleton key it can open any door it wants to) it can read the file's contents even if the user doesn't have read permission.

All other executable files are read by some interpreter which runs in user mode, and which is therefore subject to UNIX's standard permissions checking. Because of that, you can't have an executable file other than a program which can be executed by a user but not read by that user (unless you modify the interpreter to run set-UID root and to do its own permission checking).

	Guy Harris
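
The difference described in the post can be observed directly. The script below is an added example, not part of the original article: it builds an execute-only (mode 0111) compiled program and an execute-only shell script and reports whether the current user can read and run each. It assumes `/bin/true` or `/usr/bin/true` exists, that the scratch directory is not mounted noexec, and that it is run by an unprivileged user.

```shell
#!/bin/sh
# Added illustration (constructed files), not code from the original post.
# Compares an exec-only compiled program with an exec-only shell script.

WORK=$(mktemp -d)                 # scratch directory (assumed not noexec)
cleanup() { chmod -R u+rwx "$WORK" 2>/dev/null; rm -rf "$WORK"; }
trap cleanup EXIT

# yesno CMD... -> prints "yes" if CMD succeeds, "no" otherwise
yesno() { if "$@" >/dev/null 2>&1; then echo yes; else echo no; fi; }

setup() {
    # Compiled program: a copy of true(1). Keeping the name "true" lets a
    # multi-call binary such as busybox still select the right applet.
    for SRC in /bin/true /usr/bin/true; do
        if [ -f "$SRC" ]; then cp "$SRC" "$WORK/true"; break; fi
    done
    # Interpreted file: the kernel starts /bin/sh, and /bin/sh (running in
    # user mode) then has to open the script itself.
    printf '#!/bin/sh\nexit 0\n' > "$WORK/script"
    # Execute-only for everyone, including the owner.
    chmod 0111 "$WORK/true" "$WORK/script"
}

# report FILE -> "read=<yes|no> exec=<yes|no>" for the current user
report() {
    echo "read=$(yesno cat "$1") exec=$(yesno "$1")"
}

setup
echo "uid:     $(id -u)"
echo "program: $(report "$WORK/true")"
echo "script:  $(report "$WORK/script")"
```

For an unprivileged user the program line should show `read=no exec=yes` and the script line `read=no exec=no`; root bypasses the permission check, so both files are readable and runnable there.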