7

I hit again on this strange behaviour of the system. I'm running Debian 6.0.6 and had quite some troubles executing a script directly from CD/DVD. Finally I had to use:

sh /media/cdrom/command

to run it. What is the big deal of having to resort to sh?! What if the script relies on bash features? Really annoying and not much added to security in my opinion

Does anybody know of a good reason for that behaviour?

PS: if you try to run it directly with ./... you get an error that does not suggest any hint to the issue (filesystem mounted noexec):

bash: ./media/cdrom/command: No such file or directory

If you run it as bash /media/cdrom/command you get the same error (I think verification of mount options are verified by bash even for commands passed as parameters on the command line.

Permanent solution is to add exec to the mount options in /etc/fstab such as:

/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto,exec     0       0
a1an
  • 301
  • 4
  • 10

2 Answers2

11

Filesystems are often mounted noexec,nosuid by default to boost the security a bit. Hence even though you see the executable bit on the file set, kernel will refuse to run it. By calling it in the form of interpreter path/to/script you are requesting the system to run interpreter, which in turn receives path/to/script as an argument and parses it thus bypassing the filesystem imposed restriction (you might be able to achieve the same effect with compiled executables with: /lib/ld-linux.so.1 path/to/executable).

Hence one option is mount -o exec .... You might want to put the option into /etc/fstab - usually by replacing the defaults option with defaults,exec. However, unless you really know what you are doing, I would advise against this.

As for the BASH specifics, I believe bash will interpret those even when running as sh. And you are definitely free to invoke it as bash path/to/script.

peterph
  • 30,520
  • 2
  • 69
  • 75
  • Adding the exec option in /etc/fstab works indeed. Moreover you get plenty of warnings about running software directly from external media if you use gnome. – a1an Dec 27 '12 at 12:57
1

This is a bit late to the game, but I found this looking for an answer to my issue and thought I'd chime in for others searching. Our shell script was burned to CD from a Windows PC, and once mounted in the Redhat box, appeared as rw-rw-r--. My solution was to put the file on a Redhat CM server, make it r-xr-xr-x, and burn it to CD from the Redhat box. Those permissions appeared the same once mounted on the target computer, so I could run with merely /mnt/cdrom/install.sh

Anthon
  • 78,313
  • 42
  • 165
  • 222
Kieran Dill
  • 11
  • 1