Re: [BUG] #+CALL - permission error -bash

2024-05-03 Thread Max Nikulin 

On 02/05/2024 21:55, Ihor Radchenko wrote:

vitalij writes:


in org-babel-sh-evaluate
  file:~/.emacs.d/elpa/org-9.6.28/ob-shell.el::300

this do apply: (process-file "/tmp/babel-NfRG9P/sh-script-jmKNA4"
  "/tmp/babel-NfRG9P/sh-stdin-o3CEm5" # nil nil)

I don't allow executables in /tmp folder!


Why do you think that it is a bug in Org mode?
AFAIK, it is generally expected that anything can go into tmp.


There are various guides recommending noexec, however they warn that 
some issues should be expected.


Securing Debian Manual
- https://www.debian.org/doc/manuals/securing-debian-manual/ch04s10.en.html
  4.10. Mounting partitions the right way
- 
https://www.debian.org/doc/manuals/securing-debian-manual/checklist.en.html

  B.2. Configuration checklist

Security in Arch Linux wiki:
https://wiki.archlinux.org/title/Security#Mount_options
Mount options


How to make it this way:

(process-file "/use/bin/bash /tmp/babel-NfRG9P/sh-script-jmKNA4"
 "/tmp/babel-NfRG9P/sh-stdin-o3CEm5" # nil nil)

???

It is like when you do:
./a.sh

instead of:
bash a.sh


Likely you mean

(process-file "/usr/bin/bash"
 "/tmp/babel-NfRG9P/sh-stdin-o3CEm5" # nil 
"/tmp/babel-NfRG9P/sh-script-jmKNA4")


but it would ignore shebang. Try

#!/bin/sh -e
false
printf "Should not be executed\n"

So it is necessary to either drop :shebang or set temporary directory to 
a suitable path.

Re: [BUG] #+CALL - permission error -bash

2024-05-02 Thread Leo Butler 
On Thu, May 02 2024, vita...@gmx.com wrote:

> in org-babel-sh-evaluate
>  file:~/.emacs.d/elpa/org-9.6.28/ob-shell.el::300
>
> this do apply: (process-file "/tmp/babel-NfRG9P/sh-script-jmKNA4"
>  "/tmp/babel-NfRG9P/sh-stdin-o3CEm5" # nil nil)
>
> I don't allow executables in /tmp folder!

How about:

(setq org-babel-temporary-directory
  (let ((temporary-file-directory "/path/you/prefer"))
(make-temp-file "babel-" t)))

Leo

Re: [BUG] #+CALL - permission error -bash

2024-05-02 Thread Ihor Radchenko 
vita...@gmx.com writes:

> in org-babel-sh-evaluate
>  file:~/.emacs.d/elpa/org-9.6.28/ob-shell.el::300
>
> this do apply: (process-file "/tmp/babel-NfRG9P/sh-script-jmKNA4"
>  "/tmp/babel-NfRG9P/sh-stdin-o3CEm5" # nil nil)
>
> I don't allow executables in /tmp folder!

Why do you think that it is a bug in Org mode?
AFAIK, it is generally expected that anything can go into tmp.

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at .
Support Org development at ,
or support my work at

[BUG] #+CALL - permission error -bash

2024-05-02 Thread vitalij 
in org-babel-sh-evaluate
 file:~/.emacs.d/elpa/org-9.6.28/ob-shell.el::300

this do apply: (process-file "/tmp/babel-NfRG9P/sh-script-jmKNA4"
 "/tmp/babel-NfRG9P/sh-stdin-o3CEm5" # nil nil)

I don't allow executables in /tmp folder!

How to make it this way:

(process-file "/use/bin/bash /tmp/babel-NfRG9P/sh-script-jmKNA4"
 "/tmp/babel-NfRG9P/sh-stdin-o3CEm5" # nil nil)

???

It is like when you do:
./a.sh

instead of:
bash a.sh

Emacs  : GNU Emacs 29.3 (build 1, x86_64-pc-linux-gnu, X toolkit)
 of 2024-05-01
Package: Org mode version 9.6.28 ( @ /home/u/.emacs.d/elpa/org-9.6.28/)
--
Best regards,