[aur-general] Issue a warning while (re)packaging a binary package?
Jonathon Fernyhough
jonathon at m2x.dev
Fri Jun 18 16:02:48 UTC 2021
On 18/06/2021 16:21, alad via aur-general wrote:
> On 18/06/2021 16:43, Jonathon Fernyhough via aur-general wrote:
>> ...
>> Or, is an executable /tmp a reasonable assumption? 🤔
>
> I don't see anything in file-hierarchy(7) that mandates an executable
> /tmp. That said, it contains a hint that some programs might break:
>
> /tmp/, /var/tmp/ and /dev/shm/ should be mounted nosuid and
> nodev, which means that set-user-id mode and character or block
> special devices are not interpreted on those file systems. In
> general it is not possible to mount them noexec, because various
> programs use those directories for dynamically generated or
> optimized code, and with that flag those use cases would break.
> Using this flag is OK on special-purpose installations or systems
> where all software that may be installed is known and doesn't
> require such functionality. See the discussion of
> nosuid/nodev/noexec in mount(8) and PROT_EXEC in mmap(2).
>
This kind of implies that noexec would be a "special-purpose" case
rather than the norm (as it's definitely not the default), which also
implies it's a user-configuration issue rather than a packaging issue.
Therefore, and thinking about saving Jan some work, is adding a warning
necessary?
(e.g. is there other software in the repos that would break with a
noexec [/tmp,/var/tmp,/dev/shm], and if so, do any of those contain a
warning about a non-default state?)
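
The check discussed in this thread, as an added example that is not part of the original message or of any package: shell functions that look up the mount options in effect for /tmp, /var/tmp and /dev/shm and warn when one is noexec. The function names and the sample mount table are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example. Table format is that of /proc/self/mounts:
#   device mountpoint fstype options dump pass

# mount_opts_for DIR [TABLE]: print the options of the mount that holds DIR
# (longest mount-point prefix; a later entry shadows an earlier equal one).
mount_opts_for() {
    local dir="${1%/}" table="${2:-/proc/self/mounts}"
    [ -n "$dir" ] || dir=/
    awk -v dir="$dir" '
        BEGIN { best = 0 }
        {
            mp = $2
            hit = (mp == "/" || dir == mp || index(dir, mp "/") == 1)
            if (hit && length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { if (best > 0) print opts; else exit 1 }
    ' "$table"
}

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# check_tmp_dirs [TABLE]: report on the three directories; return 1 if any is noexec.
check_tmp_dirs() {
    local table="${1:-/proc/self/mounts}" dir opts rc=0
    for dir in /tmp /var/tmp /dev/shm; do
        opts=$(mount_opts_for "$dir" "$table") || { echo "$dir: no mount found"; continue; }
        has_opt "$opts" nosuid || echo "note: $dir is not mounted nosuid"
        has_opt "$opts" nodev || echo "note: $dir is not mounted nodev"
        if has_opt "$opts" noexec; then
            echo "warning: $dir is mounted noexec; code run from it will fail"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample table (not from a real system): /tmp is noexec,
# /var/tmp has no mount of its own and inherits the options of /.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
EOF
}
```

Calling `check_tmp_dirs` with no argument reads the live table from /proc/self/mounts.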