On Sep 25, 2017, at 9:31 PM, Philip Guenther <guent...@gmail.com> wrote:

On Mon, 25 Sep 2017, Theodore Wynnychenko wrote:



I noticed this message in the dmesg after updating -current yesterday.



I am not sure what it means.



There is no file "test-ld.so" anywhere on the system that I can find.

I also see that it appears this part of rc was just committed in the

last few weeks.



Why is this happening, and is there anything that I should do to correct

the "Permission denied" error?



It means that after /etc/rc had built a new ld.so, when it tried to test
it by running the test-ld.so program (which is packaged inside
/usr/libdata/ld.so.a), it failed with that error, EACCES.

My guess is that you're hitting this:

    [EACCES]           The new process file is on a filesystem mounted with
                       execution disabled (MNT_NOEXEC in <sys/mount.h>).

If you're mounting /tmp with the noexec flag, then stop doing that.


Philip Guenther





Thank you for the information.  I removed the “noexec” flag from fstab and the 
error has disappeared.



But, I am also surprised by the requirement that /tmp _not_ be mounted noexec 
for this to function correctly.  I recall reading that it was best to mount 
filesystems with the most restrictive settings possible for that specific 
filesystem, and that /tmp should be mounted with (essentially) nothing set (ie: 
nodev, nosuid, noexec).



Am I incorrect or has something changed in this regard?



It seems to me that, as a general rule, making /tmp noexec is a good thing from 
a security standpoint; but I admit that I don’t know enough about this to be 
sure.



Anyway, I just added a line to rc.local to remount temp as noexec at the end of 
the boot so that rc would work without errors and that /tmp is noexec once the 
system is up.



Is that bad?



Thanks



---
This email has been checked for viruses by AVG.
http://www.avg.com

Reply via email to