On Sep 25, 2017, at 9:31 PM, Philip Guenther <[email protected]> wrote:
> On Mon, 25 Sep 2017, Theodore Wynnychenko wrote:
>> I noticed this message in the dmesg after updating -current yesterday.
>> I am not sure what it means.
>> There is no file "test-ld.so" anywhere on the system that I can find.
>> I also see that it appears this part of rc was just committed in the
>> last few weeks.
>> Why is this happening, and is there anything that I should do to correct
>> the "Permission denied" error?
>
> It means that after /etc/rc had built a new ld.so, when it tried to test
> it by running the test-ld.so program (which is packaged inside
> /usr/libdata/ld.so.a), it failed with that error, EACCES.
> My guess is that you're hitting this:
>
>     [EACCES] The new process file is on a filesystem mounted with
>              execution disabled (MNT_NOEXEC in <sys/mount.h>).
>
> If you're mounting /tmp with the noexec flag, then stop doing that.
>
> Philip Guenther

Thank you for the information. I removed the “noexec” flag from fstab and the
error has disappeared.
But, I am also surprised by the requirement that /tmp _not_ be mounted noexec
for this to function correctly. I recall reading that it was best to mount
filesystems with the most restrictive settings possible for that specific
filesystem, and that /tmp should be mounted with (essentially) nothing set (i.e.,
nodev, nosuid, noexec).
Am I incorrect or has something changed in this regard?
It seems to me that, as a general rule, making /tmp noexec is a good thing from
a security standpoint; but I admit that I don’t know enough about this to be
sure.
Anyway, I just added a line to rc.local to remount temp as noexec at the end of
the boot so that rc would work without errors and that /tmp is noexec once the
system is up.
Is that bad?
Thanks
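
The check behind the diagnosis in this thread, as an added example that is not part of either message or of OpenBSD's /etc/rc: it finds the mount point covering a directory and reports whether it carries noexec. The function names are hypothetical, and SAMPLE_MOUNT is constructed input that assumes the "dev on dir type fs (options)" layout printed by mount(8).

```shell
#!/bin/sh
# Added example: report whether the filesystem holding a path is mounted noexec.
# SAMPLE_MOUNT is constructed input in the style of OpenBSD mount(8) output.
SAMPLE_MOUNT='/dev/sd0a on / type ffs (local)
/dev/sd0d on /tmp type ffs (local, nodev, noexec, nosuid)
/dev/sd0f on /usr type ffs (local, nodev)
/dev/sd0e on /var type ffs (local, nodev, nosuid)'

# mount_opts PATH: read mount(8) output on stdin and print the option list
# of the mount point that is the longest prefix of PATH.
mount_opts() {
    awk -v path="$1" '
    {
        mp = $3
        # Option list is the text between the last pair of parentheses.
        opts = $0
        sub(/^.*\(/, "", opts); sub(/\).*$/, "", opts)
        # A mount point covers PATH if it is "/", equals PATH, or is a
        # directory prefix of PATH (so /tmp does not match /tmpfoo).
        covers = (mp == "/" || path == mp || index(path, mp "/") == 1)
        if (covers && length(mp) > best_len) { best_len = length(mp); best = opts }
    }
    END { print best }'
}

# has_noexec PATH: succeed if PATH sits on a noexec mount (mount output on stdin).
has_noexec() {
    case ", $(mount_opts "$1")," in
        *", noexec,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_dir PATH: print a one-line verdict for PATH.
check_dir() {
    if has_noexec "$1"; then
        echo "$1: noexec (exec here fails with EACCES)"
    else
        echo "$1: exec allowed"
    fi
}

# Demo on the constructed sample; on a live system pipe `mount` in instead.
for d in /tmp /usr/libdata /var/tmp; do
    printf '%s\n' "$SAMPLE_MOUNT" | check_dir "$d"
done
```

On a running system, `mount | check_dir /tmp` gives the same verdict for the real mount table.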