On the image above, the writable.sh shell script file has the rwxr--r-- permission. The owner and the group of the file is flag03. In other words, It can be executed by flag03 only.
Permission denied message was displayed when I executed the file with level03 account.
But, When I inserted the file into the parameter of bash command, It works.
When I ran the file in the same way without read permission of group and other, Permission denied message was displayed.
This time, I created whoami shell script to check EUID and I tested it.
The result is same as the image above. It is executed by my account(level03) not another account(flag03).
The reason that the shell script can be executed with just read permission is due to characteristic of bash command. If a file path is inserted into the parameter, the bash command executes linux command inside the file.
| Test environment | |||
| O S | Nebula 3.0.0-12 (Ubuntu 11.10) |
CPU | - |
| SHELL | GNU bash (4.2.10(1)) | GPU | - |
| RAM | - | ||