Re: shebang-less script execution not resetting some options

[Greg Wooledge]

On Wed, Oct 02, 2019 at 03:11:18AM -0700, L A Walsh wrote:
> > Bash allows a child of itself (a subshell) to read the commands.
> > GNU find -exec uses /bin/sh to run it.
> > zsh and csh both use /bin/sh to run it, I think.

>     So if a user has 'rbash' in /etc/passwd, they might get a real shell
> because various programs ignore what /etc/passwd says?

Well, yeah.  If a user in a "restricted shell" is allowed to run bash,
or find, or zsh, or csh, then they can "escape" from the "restricted
shell" trivially.

It's exactly the same as if you allowed them to run vi, or emacs, or
less, or nethack, or any other program that has a shell escape.  Or perl,
or tclsh, or gcc, or any other programming environment that lets them
write a program that runs an arbitrary shell command.

This is why "restricted shells" are basically a joke.  And not even a
funny one.  Nobody has taken them seriously as a security measure in
decades.

But that's completely unrelated to the original question, which was
"how does ___ handle a script that's missing the shebang".  The answer
to that is, "everyone handles it differently".

I did some more poking around after my previous email in this thread.
Various people have written "ployglot scripts" that can run under
different interpreters.  I chose this one
<https://github.com/stephane-chazelas/misc-scripts/blob/master/which_interpreter>
and placed it in a file and gave it execute permissions.

Then I played around with it, just to verify my recollections:

wooledg:~$ echo "$BASH_VERSION"
5.0.3(1)-release
wooledg:~$ which_interpreter
bash 5.0.3(1)-release
wooledg:~$ zsh
wooledg:~% which_interpreter
POSIX shell
wooledg:~% exit
wooledg:~$ tcsh
wooledg:~> which_interpreter
POSIX shell
wooledg:~> exit
exit
wooledg:~$ find .bashrc -exec which_interpreter {} \;
POSIX shell