fox-it/log4j-finder

script (binary) requires executable option on /tmp mount

rule88 opened this issue · 2 comments

[root@host tmp]# mount | grep /tmp
/dev/mapper/VolGroup01-tmp on /tmp type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
[root@host tmp]# /srv/log4j-finder 
/srv/log4j-finder: error while loading shared libraries: libz.so.1: failed to map segment from shared object: Operation not permitted
[root@host tmp]# mount /tmp -o remount,exec
[root@host tmp]# mount | grep /tmp
/dev/mapper/VolGroup01-tmp on /tmp type xfs (rw,nosuid,nodev,relatime,seclabel,attr2,inode64,noquota)
[root@host tmp]# /srv/log4j-finder 
 __               _____  __         ___ __           __
|  |.-----.-----.|  |  ||__|______.'  _|__|.-----.--|  |.-----.----.
|  ||  _  |  _  ||__    |  |______|   _|  ||     |  _  ||  -__|   _|
|__||_____|___  |   |__||  |      |__| |__||__|__|_____||_____|__|
          |_____|      |___| v1.2.0 https://github.com/fox-it/log4j-finder

[2021-12-30 15:29:02] host Scanning: /
^C
Aborted!

This is not expected, especially not from a security scan utility, as noexec is set for a reason on the /tmp mount point. It would be nice to provide a different tmp dir for the binary.

pven commented

Changing TMP to another directory doesn't work? (i.e. mkdir /u01/tmp; export TMP=/u01/tmp)

Some things are just too obvious.

Works like a charm, may I suggest this is adopted in documentation?
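A wrapper, added here as an example and not part of the log4j-finder project, that checks whether the temp directory the binary would unpack into sits on a noexec mount and points TMP/TMPDIR at one that allows execution before launching the scanner, instead of remounting /tmp with exec. The /u01/tmp and /srv/log4j-finder paths are taken from the thread; the findmnt check, the candidate directory list and the --run flag are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of log4j-finder: run the one-file binary with a
# temp directory that allows execution, since it unpacks shared libraries
# (libz.so.1 in the error above) into $TMP and noexec blocks mapping them.
# /u01/tmp and /srv/log4j-finder come from the thread; the rest is assumed.

# Exact-match test for "noexec" in a comma-separated mount option string,
# so "nosuid" or "nodev" never match by accident. Returns 0 if present.
mount_opts_have_noexec() {
    case ",$1," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Returns 0 if the filesystem holding directory $1 is mounted noexec.
# findmnt -T resolves the mount containing the path; -n -o OPTIONS prints
# only its option string. Without findmnt we cannot tell, so assume exec.
is_noexec_dir() {
    command -v findmnt >/dev/null 2>&1 || return 1
    opts=$(findmnt -n -o OPTIONS -T "$1" 2>/dev/null) || return 1
    mount_opts_have_noexec "$opts"
}

# Print the first candidate that exists, is writable and is not noexec.
pick_exec_tmpdir() {
    for d in "$@"; do
        [ -d "$d" ] && [ -w "$d" ] || continue
        is_noexec_dir "$d" && continue
        printf '%s\n' "$d"
        return 0
    done
    return 1
}

run_log4j_finder() {
    tmpdir=$(pick_exec_tmpdir "${TMPDIR:-/tmp}" /var/tmp /u01/tmp) || {
        echo "no writable, exec-capable temp dir found" >&2
        return 1
    }
    # The thread confirms TMP is honoured; TMPDIR is exported too as the
    # conventional POSIX variable (assumption: the binary checks both).
    export TMPDIR="$tmpdir" TMP="$tmpdir"
    exec /srv/log4j-finder "$@"
}

# Only launch when invoked as: sh wrapper.sh --run [scanner args...]
case "${1:-}" in
    --run) shift; run_log4j_finder "$@" ;;
esac
```

Keeping noexec on /tmp and giving the scanner a dedicated directory avoids loosening the mount for every process on the host, which the remount in the report does.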