On Sep 25, 2017, at 9:31 PM, Philip Guenther <guent...@gmail.com> wrote:
On Mon, 25 Sep 2017, Theodore Wynnychenko wrote: I noticed this message in the dmesg after updating -current yesterday. I am not sure what it means. There is no file "test-ld.so" anywhere on the system that I can find. I also see that it appears this part of rc was just committed in the last few weeks. Why is this happening, and is there anything that I should do to correct the "Permission denied" error? It means that after /etc/rc had built a new ld.so, when it tried to test it by running the test-ld.so program (which is packaged inside /usr/libdata/ld.so.a), it failed with that error, EACCES. My guess is that you're hitting this: [EACCES] The new process file is on a filesystem mounted with execution disabled (MNT_NOEXEC in <sys/mount.h>). If you're mounting /tmp with the noexec flag, then stop doing that. Philip Guenther Thank you for the information. I removed the “noexec” flag from fstab and the error has disappeared. But, I am also surprised by the requirement that /tmp _not_ be mounted noexec for this to function correctly. I recall reading that it was best to mount filesystems with the most restrictive settings possible for that specific filesystem, and that /tmp should be mounted with (essentially) nothing set (ie: nodev, nosuid, noexec). Am I incorrect or has something changed in this regard? It seems to me that, as a general rule, making /tmp noexec is a good thing from a security standpoint; but I admit that I don’t know enough about this to be sure. Anyway, I just added a line to rc.local to remount temp as noexec at the end of the boot so that rc would work without errors and that /tmp is noexec once the system is up. Is that bad? Thanks --- This email has been checked for viruses by AVG. http://www.avg.com