On 18/06/2021 16:21, alad via aur-general wrote:
On 18/06/2021 16:43, Jonathon Fernyhough via aur-general wrote:
... Or, is an executable /tmp a reasonable assumption? 🤔
I don't see anything in file-hierarchy(7) that mandates an executable /tmp. That said, it contains a hint that some programs might break:
/tmp/, /var/tmp/ and /dev/shm/ should be mounted nosuid and nodev, which means that set-user-id mode and character or block special devices are not interpreted on those file systems. In general it is not possible to mount them noexec, because various programs use those directories for dynamically generated or optimized code, and with that flag those use cases would break. Using this flag is OK on special-purpose installations or systems where all software that may be installed is known and doesn't require such functionality. See the discussion of nosuid/nodev/noexec in mount(8) and PROT_EXEC in mmap(2).
This kind of implies that noexec would be a "special-purpose" case rather than the norm (as it's definitely not the default), which also implies it's a user-configuration issue rather than a packaging issue. Therefore, and thinking about saving Jan some work, is adding a warning necessary? (e.g. is there other software in the repos that would break with a noexec [/tmp,/var/tmp,/dev/shm], and if so, do any of those contain a warning about a non-default state?)