Re: running script from cdrom fails

From: Gregory K. Johnson (gkj_at_gregorykjohnson.com)
Date: 11/23/03

  • Next message: Fraser Campbell: "Re: Anaconda, where's the beef?" 
    To: Micha Feigin <michf@post.tau.ac.il>
Date: Sat, 22 Nov 2003 21:02:55 -0500

    Micha Feigin <michf@post.tau.ac.il> writes:

    > When I try to run shell scripts from cdrom I get the following message:
    > bash: ./INSTALLDOCS.SH: /bin/sh: bad interpreter: Permission denied
    > I got this with several bash scripts and in fact, I don't remmember one
    > that did work. Any idea?

    Probably your CD-ROM is listed in /etc/fstab (the configuration file
    that tells mount about your filesystems) with a line something like:

    /dev/cdrom /cdrom iso9660 ro,user,noauto

    According to the mount(8) manpage:

    user Allow an ordinary user to mount the file system. The name
           of the mounting user is written to mtab so that he can
           unmount the file system again. This option implies the
           options noexec, nosuid, and nodev (unless overridden by
           subsequent options, as in the option line
           user,exec,dev,suid).

    noexec Do not allow execution of any binaries on the mounted file
           system. This option might be useful for a server that has
           file systems containing binaries for architectures other
           than its own.

    Thus, adding "exec" at some point after "user" in the list mount
    options will do the trick:

    /dev/cdrom /cdrom iso9660 ro,user,exec,noauto

    With this configuration, anyone who can mount a CD on your machine can
    run the executables on the CD. This isn't a problem because (a) if
    someone nefarious has physical access to your machine, you're a goner
    anyway, (b) under a typical setup, users can install whatever
    executables they want (and thus could copy 'em from a CD to a home
    directory), and (c) if a nefarious user can run "mount /cdrom" there
    are almost certainly lots of other ways he can get executables onto
    the machine. 

    -- 
Gregory K. Johnson
-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
  • Next message: Fraser Campbell: "Re: Anaconda, where's the beef?"

    Relevant Pages

    • Re: [patch 0/8] mount ownership and unprivileged mount syscall (v4)
      ... force "nosuid,nodev" mount options on the created mount ... our kernel design may be incomplete. ... Now I can see not wanting to support executables if you are locking ... the CD was stuck in the drive problem. ...
      (Linux-Kernel)
    • Re: one partition/filesystem, many root trees
      ... |> how do I get the old mount point unmounted? ... the page mapping relates to the fileSYSTEM, ... next question is if I can unmount the original mount point instead. ... | if Fedora Core 3 actually keeps executables from initramfs ...
      (comp.os.linux.development.system)
    • Re: one partition/filesystem, many root trees
      ... > One problem is the init program is still running after pivot_rootso ... > how do I get the old mount point unmounted? ... This flag will allow you to umount a mount ... if Fedora Core 3 actually keeps executables from initramfs ...
      (comp.os.linux.development.system)
    • [opensuse] share samba and pam_mount
      ... This server is a member of AD. ... Users' local configuration file (if there is none, ... Individual users may define additional volumes to mount if allowed by ... You can specify either absolute paths, or relative ones, in which case ...
      (SuSE)
    • bindingRedirect and COM-interop
      ... I think it's supposed to work with unmanged executables. ... LOG: Where-ref bind. ... LOG: Assembly download was successful. ... Host configuration file not found. ...
      (microsoft.public.dotnet.framework.interop)