Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

After running dtrace as

  $ sudo dtrace -n 'syscall::execve*:entry { printf("%s %s", execname, copyinstr(arg0)); }'
I had this output

    0  51617                     execve:entry sh ./quine
    1  51617                     execve:entry sh /bin/sh
    1  51617                     execve:entry sh /bin/cat
Altho this is the first time I use dtrace. I can try to run another command you can ask me to.

My login shell is the Bourne shell. However I tried bash, csh and tcsh too, it works, so it's probably the system level code that substitutes /bin/sh (maybe because it's my login shell?) to the interpreter.



I think shells are doing that. Otherwise you wouldn't see the execve("/bin/sh") syscall entry (it would get silently translated inside the kernel).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: