Check to see if the script has an ELF header, and if so, return ENOEXEC.

sys/kern/exec_script.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: exec_script.c,v 1.37 2004/04/21 18:40:38 itojun Exp $	*/
+/*	$NetBSD: exec_script.c,v 1.38 2004/11/04 23:55:28 matt Exp $	*/
 
 /*
  * Copyright (c) 1993, 1994, 1996 Christopher G. Demetriou
@@ -31,7 +31,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: exec_script.c,v 1.37 2004/04/21 18:40:38 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: exec_script.c,v 1.38 2004/11/04 23:55:28 matt Exp $");
 
 #if defined(SETUIDSCRIPTS) && !defined(FDSCRIPTS)
 #define FDSCRIPTS		/* Need this for safe set-id scripts. */
@@ -52,6 +52,7 @@ __KERNEL_RCSID(0, "$NetBSD: exec_script.c,v 1.37 2004/04/21 18:40:38 itojun Exp
 #include <sys/resourcevar.h>
 
 #include <sys/exec_script.h>
+#include <sys/exec_elf.h>
 
 /*
  * exec_script_makecmds(): Check if it's an executable shell script.
@@ -107,6 +108,13 @@ exec_script_makecmds(struct proc *p, struct exec_package *epp)
 	if (cp >= hdrstr + hdrlinelen)
 		return ENOEXEC;
 
+	/*
+	 * If the script has an ELF header, don't exec it.
+	 */
+	if (epp->ep_hdrvalid >= sizeof(ELFMAG)-1 &&
+	    memcmp(hdrstr, ELFMAG, sizeof(ELFMAG)-1) == 0)
+		return ENOEXEC;
+
 	shellname = NULL;
 	shellarg = NULL;
 	shellarglen = 0;