Valery Reznic wrote:
--------> Below is important part <------------------------ If the header of a file isn’t recognized (the attempted execve(2)returned ENOEXEC), these functions will execute the shell (/bin/sh)with the path of the file as its first argument. (If this attempt fails, no further searching is done.)
Yes, I do believe you nailed it.
After Matan's email I tried running the set with strace, and realized it was, indeed, a user space thing. As I need that for a (user space) program that intercepts the actual kernel calls (and sometimes emulates them), I will assume that the governing rule is that a program can have just one shell script in its interpreter path.
And now to a slightly related subject - does anyone know how I can change the command line that appears in "ps" for a program after it has been run? I know it should be possible, because I vaguely remember programs that receive sensitive information in command line and try to immediately hide it, but merely writing to the argv addresses did not bring the desired results, and /proc/self/cmdline seems to be read only.
Shachar ================================================================To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
