abathur / resholve

a shell resolver? :) (find and resolve shell script dependencies)
MIT License
231 stars 5 forks source link

Executables could be discovered by running the script with PATH pointing at FUSE #13

Open catern opened 4 years ago

catern commented 4 years ago

Instead of using a parser to parse the text of the shell script, you could point PATH at a FUSE filesystem and run the script to discover the executables the script runs. One might be concerned that one has to run the script, which might have annoying side-effects or be very slow - but that doesn't have to be the case, since you don't have to run the real executables: You can have the FUSE filesystem respond on-demand with stubs that do nothing for every executable that the script runs. This is kind of like what the Tup build system does. https://github.com/gittup/tup

Of course this is not a serious suggestion, parsing the shell script as in your current approach is certainly better (this dynamic way wouldn't even support the most basic functions). I just mention this because you might find it mildly amusing, because I implemented something like resholved using that strategy in this SIGBOVIK paper: https://github.com/catern/rsyscall/tree/master/research/sigbovik2020 https://github.com/catern/rsyscall/blob/master/research/sigbovik2020/paper.pdf

abathur commented 4 years ago

@catern I definitely do find it amusing (and timely).

@grahamc asked lately about two specific ways to catch executables that might otherwise be leaking or falling through the cracks--an option to generate scripts with PATH unset (which is underway in #12), and a "trace" option which I'm still chewing on, since it doesn't square as readily with the model I use here. (Graham mentioned this alongside a few other issues; I split this specific topic out into #9, but you can also see his original comment in #4). I've updated that issue to cross-link here.

I also think the underlying idea here has some other interesting applications! Just a month ago I was talking (log) with @infinisil and @samueldr in nixos-chat and wondered aloud about the viability of a FUSE filesystem that denies information about valid paths by pretending all paths are valid (but only returning correct contents to certain requesting processes by PID).

abathur commented 4 years ago

@catern I got a little time to look at this while something else builds, but it looks like it has a Linux dependency. Do you know if this is a hard/intrinsic dependency, or if it's feasible to build on macOS as well?

catern commented 4 years ago

It's a pretty intrinsic dependency for this implementation (symsh), although I suppose the idea could be implemented in essentially the same way on MacOS. The "paper" https://github.com/catern/rsyscall/blob/master/research/sigbovik2020/paper.pdf is mostly intended to be amusing, but the "Applications" and "Implementation" section are essentially legitimate. After that, if you can't run it, I'd just look at the implementation https://github.com/catern/rsyscall/blob/master/python/rsyscall/scripts/symsh.py