10

I have written a "Hello, World!" C file myCFile.c on an x86 embedded board on the Debian OS.

#include <stdio.h>
int main()
{
  printf("hello\n");
}

I compile the program: gcc myCFile.c

However,

tester@localhost:~/test$ ./a.out
-bash: ./a.out: Permission denied
tester@localhost:~/pravin$ ls -lrt
total 44
-rwxrwxrwx 1 tester test   54 Sep  7 07:33 myCFile.c
-rwxrwxrwx 1 tester test   16608 Sep  7 07:33 a.out

However, if I copy a.out to /run/user/1000, I can execute it.

tester@localhost:/run/user/1000$ ls
a.out  bus  gnupg  systemd

Also, I can execute it when I compile the C file as the root user and run it.

root@localhost:~# gcc myCFile.c
root@localhost:~# ./a.out
hello
root@localhost:~#

Is it something related to the NOEXEC flag?

My /etc/fstab file:

# Begin /etc/fstab
/dev/root    /        ext4        defaults        0    0
proc        /proc        proc        nosuid,noexec,nodev    0    0
sysfs        /sys        sysfs        nosuid,noexec,nodev    0    0
devpts        /dev/pts    devpts        gid=5,mode=620        0    0
tmpfs        /run        tmpfs        defaults,size=1500M    0    0
devtmpfs    /dev        devtmpfs    mode=0755,nosuid    0    0
# End /etc/fstab
LABEL=persistent    /persistent    ext4    defaults,data=journal,noatime,nosuid,nodev,noexec    0    2
/persistent/home    /home    none    defaults,bind    0    0
/persistent/tmp    /tmp    none    defaults,bind    0    0
AdminBee
Pravin.2087

1 Answer

24

Is it something related to the NOEXEC flag?

Yes; presumably /home is mounted noexec, which means you can’t run binaries there. /tmp/user/1000 works because it’s on a different file system, as is /root (root’s home directory).

In your case,

mount -o remount,exec /persistent

should allow you to execute files in your home directory.

Stephen Kitt
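Added example (not part of the original answer): a shell check that reports which mount governs a path and whether that mount carries noexec, run here against a constructed mount table modelled on the question's fstab. The device name /dev/sda2, the options shown on the bind mounts, and the function names are assumptions; omit the table argument to check the live /proc/self/mounts.

```shell
#!/bin/sh
# Which mount governs a path, and does that mount carry noexec?
# Table format is /proc/self/mounts: device mountpoint fstype options dump pass

# Constructed sample modelled on the fstab in the question; /dev/sda2 and the
# inherited options on the /home and /tmp bind mounts are assumptions.
SAMPLE_MOUNTS='/dev/root / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,relatime,size=1536000k 0 0
/dev/sda2 /persistent ext4 rw,nosuid,nodev,noexec,noatime,data=journal 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,noatime,data=journal 0 0
/dev/sda2 /tmp ext4 rw,nosuid,nodev,noexec,noatime,data=journal 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev,relatime,mode=700,uid=1000 0 0'

# mount_for PATH [TABLE]: print "mountpoint options" for the longest mount
# point that prefixes PATH. TABLE defaults to the live /proc/self/mounts.
mount_for() {
    _table=${2-$(cat /proc/self/mounts)}
    printf '%s\n' "$_table" | awk -v p="$1" '
        {
            mp = $2
            # Match "/" always; otherwise only an exact or "/"-bounded prefix,
            # so /home does not claim /homework. ">=" lets a later mount
            # stacked on the same mount point win.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= length(best)) { best = mp; opts = $4 }
            }
        }
        END { if (best != "") print best, opts }'
}

# is_noexec PATH [TABLE]: exit 0 if the governing mount has the noexec option.
is_noexec() {
    _opts=$(mount_for "$@" | awk '{ print $2 }')
    case ",$_opts," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# explain PATH [TABLE]: one-line diagnosis for "Permission denied" on an rwx file.
explain() {
    if is_noexec "$@"; then
        echo "$1: blocked, $(mount_for "$@" | awk '{ print $1 }') is mounted noexec"
    else
        echo "$1: mount allows exec"
    fi
}

for p in /home/tester/test/a.out /run/user/1000/a.out /root/a.out; do
    explain "$p" "$SAMPLE_MOUNTS"
done
```

On a live system, `findmnt -T <path>` gives the same answer in one command.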
  • 1
    Huh, having noexec `/home` but not noexec `/run/user` seems like a security flaw :) – hobbs Sep 07 '21 at 17:04
  • 3
    @hobbs why? Unless you prevent any processes from mmapping executable pages (as e.g. recent versions of Android do), mounting any tmpfs noexec is purely self-congratulatory feel-good posturing security theater. You don't even need mmap or constructing your executable by hand -- you can just copy any binary into a memfd file and then execute it via `pexecve` or `execveat` –  Sep 07 '21 at 17:20
  • @UncleBilly well, then there's no longer any point to noexec anything, is there? – hobbs Sep 07 '21 at 17:46
  • @Joshua Isn't that the purpose of the `nosuid` mount option? – Barmar Sep 08 '21 at 15:01
  • 3
    The point of `noexec` isn't to get around a determined user, it's to prevent a trojan horse on removable media. @hobbs – Barmar Sep 08 '21 at 15:03
  • 1
    @Barmar In several decades that's mostly not how I've seen it used, and it's not what it's being used for here. But oh well :) – hobbs Sep 08 '21 at 15:56
  • @Barmar `/home` would be a very strange place to mount removable media to :) – Dmitry Grigoryev Sep 09 '21 at 07:18