On Tue, Jan 03, 2012 at 07:17:04AM +0100, Axel Beckert wrote:
> Hi Yaroslav!
>
> Yaroslav Halchenko wrote:
> > > > I strongly recommend this solution, along with a proper debconf notice.
> > > [...]
> > > > /tmp is a good choice because the next reboot will automatically clean
> > > > up everything (and obviously the old binary will not be needed after
> > > > a reboot).
> > > Thanks for that hint. This sounds better (and especially less messy)
> > > than I thought! :-)
> >
> > Thank you Axel for your detailed response and IMHO this is indeed close
> > to an ideal (lightweight, self-cleaning, etc) resolution for this
> > scenario. BTW -- what is the take of standards/practices on having /tmp
> > mounted with noexec [1]?
>
> Good point! /run/shm (IIRC formerly /dev/shm) likely would be an
> alternative option, too.

No, it would not. This directory is reserved for the eglibc POSIX SHM/SEM
interfaces. Please don't abuse it--we only just moved all the existing
abusers to /run! Nothing other than eglibc has any business creating
files there, ever.

If you really need to use a filesystem mounted noexec, just run the binary
via /lib/ld.so (you'll need to get the real location from e.g. ldd).
Something like:

    LD=$(ldd /tmp/path/to/screen | grep "ld-${arch}" | sed -e 's/[[:space:]]*\(\/[^[:space:]]*\)[[:space:]].*/\1/')
    "$LD" /tmp/screen-94skls/screen

Or query for DT_INTERP directly and run that.

Regards,
Roger

--
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
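
Added example, not part of the original mail: the "query for DT_INTERP directly" option amounts to reading the interpreter path from the binary's ELF program headers, where it is stored in the PT_INTERP entry, instead of parsing ldd output. The sample_elf64 helper and the path it embeds are constructed test input.

```python
import struct
import sys

PT_INTERP = 3  # program header type that holds the interpreter path


def elf_interpreter(data: bytes):
    """Return the PT_INTERP path of an ELF image, or None if it has none."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    end = "<" if data[5] == 1 else ">"
    if data[4] == 2:  # ELF64
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
        ph_fmt, off_idx, size_idx = end + "IIQQQQQQ", 2, 5
    else:  # ELF32
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
        ph_fmt, off_idx, size_idx = end + "IIIIIIII", 1, 4
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        if base + struct.calcsize(ph_fmt) > len(data):
            raise ValueError("truncated program header table")
        ph = struct.unpack_from(ph_fmt, data, base)
        if ph[0] == PT_INTERP:
            off, size = ph[off_idx], ph[size_idx]
            if off + size > len(data):
                raise ValueError("PT_INTERP points outside the file")
            return data[off:off + size].split(b"\0", 1)[0].decode()
    return None  # statically linked, or not a dynamic executable


def sample_elf64(interp: bytes) -> bytes:
    """Constructed input: ELF64 LE header, one PT_INTERP entry, then the path."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0,
                       len(interp), len(interp), 1)
    return ehdr + phdr + interp


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(elf_interpreter(fh.read()))
    else:
        print(elf_interpreter(sample_elf64(b"/lib64/ld-linux-x86-64.so.2\0")))
```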