The case of the supersized shebang
The array used to hold the shebang line is defined to be 128 bytes in length. That naturally leads to the question of what happens if the line exceeds that length. In current kernels, the line will simply be truncated to fit the buffer, after which execution proceeds as normal. Or, at least, as normal as can be expected given that part of the shebang line is now missing.

Recently, Oleg Nesterov decided that this behavior is wrong; it could cause misinterpreted arguments or, should the truncated line happen to be the valid name of an interpreter executable in its own right, run the wrong interpreter entirely. He put together a patch (merged for 5.0-rc1) changing that behavior; the kernel would fail the attempt to find an alternative interpreter entirely in that situation, causing a fallback to the default shell.

[...]

One might well wonder just how things worked before, since a truncated version of that shebang line is still wrong. It turns out that the Perl interpreter is able to detect this truncation; it rereads the first line itself and sets its arguments properly. As long as the interpreter itself is the correct one, things will work as expected. As of 5.0-rc1, though, the correct interpreter would no longer be invoked, and things went downhill from there.

The kernel project's policy on this kind of change is clear, but Linus Torvalds reiterated it in this case anyway:
It doesn't matter if it "corrupted" things by truncating it. All that matters is "it used to work, now it doesn't" Yes, maybe it never *should* have worked. And yes, it's sad that people apparently had cases that depended on this odd behavior, but there we are.
[...]

Had that been the end of the story, it would have been just another case of a regression introduced during the merge window, then corrected during the stabilization period. But, as it happens, this change found its way into the 4.20.8, 4.19.21, 4.14.99, and 4.9.156 stable kernel updates, despite the fact that neither the author nor the maintainer who merged it (Andrew Morton) had marked it for stable backporting.

[...]

Nesterov's patch had been automatically selected for backporting by Sasha Levin's machine-learning system.

https://lwn.net/SubscriberLink/779997/11de2bdc8dbc0d69/

I really don't know whether it is more disturbing that the computer security of Linux systems depends on software that computes which patches to distribute as stable or... that 50-year-old bugs are not fixed only because Perl has learned to survive with them.

Giacomo
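A userspace model of the two behaviours the quoted article describes (truncate the over-long line, or refuse it), added here as an illustration; it is not kernel code and not part of the article or of the post above. The function names, the constructed Perl-style sample line, and the choice to reserve one buffer byte for the terminator are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 128   /* shebang buffer size given in the article */

/* Userspace model of the parsing described above, NOT kernel code; one buffer
 * byte is kept for the terminator (assumption). strict == 0 cuts an over-long
 * line to fit (before the patch); strict != 0 refuses it (after the patch).
 * interp and arg must each hold BUF_SIZE bytes. Returns 0, or -1 on refusal. */
int parse_shebang(const char *img, size_t len, int strict, char *interp, char *arg)
{
    char buf[BUF_SIZE], *p, *end;
    size_t n = len < BUF_SIZE - 1 ? len : BUF_SIZE - 1, ilen;

    interp[0] = arg[0] = '\0';
    if (len < 2 || img[0] != '#' || img[1] != '!')
        return -1;
    memcpy(buf, img, n);
    buf[n] = '\0';
    if (!(end = strchr(buf, '\n'))) {
        if (strict && len > n)
            return -1;               /* line runs past the buffer: refuse */
        end = buf + n;               /* otherwise truncate silently */
    }
    *end = '\0';
    p = buf + 2 + strspn(buf + 2, " \t");
    if (*p == '\0')
        return -1;                   /* no interpreter named */
    ilen = strcspn(p, " \t");
    snprintf(interp, BUF_SIZE, "%.*s", (int)ilen, p);
    strcpy(arg, p + ilen + strspn(p + ilen, " \t")); /* rest = ONE argument */
    return 0;
}

char g_interp[BUF_SIZE], g_arg[BUF_SIZE];   /* results of the last demo() call */

/* Constructed sample: "#!/usr/bin/perl -I" plus `pad` filler bytes (pad <= 400). */
int demo(int strict, size_t pad)
{
    char script[512] = "#!/usr/bin/perl -I";   /* 18 bytes before the filler */
    memset(script + 18, 'a', pad);
    strcpy(script + 18 + pad, "\nprint 1;\n");
    return parse_shebang(script, strlen(script), strict, g_interp, g_arg);
}

int main(void)
{
    int old_rc = demo(0, 140);
    printf("truncating: rc=%d interp=%s arglen=%zu\n", old_rc, g_interp, strlen(g_arg));
    printf("refusing:   rc=%d\n", demo(1, 140));
}
```

With the 158-byte constructed line, the truncating mode still names `/usr/bin/perl` but hands it an argument cut to 111 bytes, while the refusing mode returns -1, which in the article's account is where the fallback to the default shell happens.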