John Plocher writes: > Roland Mainz wrote: > > Darren J Moffat wrote: > > > > > pfexec > > Yes, but disabling the builtins is not that easy. > > If a shell script exec()ing chmod needs pfexec, why wouldn't a program > that dlopen()s libcmd and calls libcmd::chmod() directly also need pfexec()? > > This implies that the fix needs to be in libcmd and not in ksh93
It can't be in libcmd, because those external programs themselves will link to libcmd to get the implementation there. You'd just recurse forever. In order for this to work, either (A) all applications using libcmd must become smart enough to know when to do exec() instead or (B) no application other than a /usr/bin/* utility implemented by way of libcmd should ever link against libcmd. -- James Carlson, KISS Network <james.d.carlson at sun.com> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677