On 02/05/2024 21:55, Ihor Radchenko wrote:
vitalij writes:

in org-babel-sh-evaluate
  file:~/.emacs.d/elpa/org-9.6.28/ob-shell.el::300

this do apply: (process-file "/tmp/babel-NfRG9P/sh-script-jmKNA4"
  "/tmp/babel-NfRG9P/sh-stdin-o3CEm5" #<buffer  *temp*> nil nil)

I don't allow executables in /tmp folder!

Why do you think that it is a bug in Org mode?
AFAIK, it is generally expected that anything can go into tmp.

There are various guides recommending noexec, however they warn that some issues should be expected.

Securing Debian Manual
- https://www.debian.org/doc/manuals/securing-debian-manual/ch04s10.en.html
  4.10. Mounting partitions the right way
- https://www.debian.org/doc/manuals/securing-debian-manual/checklist.en.html
  B.2. Configuration checklist

Security in Arch Linux wiki:
https://wiki.archlinux.org/title/Security#Mount_options
Mount options

How to make it this way:

(process-file "/use/bin/bash /tmp/babel-NfRG9P/sh-script-jmKNA4"
 "/tmp/babel-NfRG9P/sh-stdin-o3CEm5" #<buffer  *temp*> nil nil)

???

It is like when you do:
./a.sh

instead of:
bash a.sh

Likely you mean

(process-file "/usr/bin/bash"
"/tmp/babel-NfRG9P/sh-stdin-o3CEm5" #<buffer *temp*> nil "/tmp/babel-NfRG9P/sh-script-jmKNA4")

but it would ignore shebang. Try

#!/bin/sh -e
false
printf "Should not be executed\n"

So it is necessary to either drop :shebang or set temporary directory to a suitable path.
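The trade-off discussed in this thread, as an added example that is not part of the original messages or of Org mode's code: the same three-line script is run once as an executable file and once as an argument to the interpreter. The function names and the use of `mktemp` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; the script body is the one quoted in the message above.

# Write the test script into directory $1, mark it executable, print its path.
make_script() {
    script=$(mktemp "$1/sh-script-XXXXXX") || return 1
    printf '%s\n' '#!/bin/sh -e' 'false' \
        'printf "Should not be executed\n"' > "$script"
    chmod 700 "$script"
    printf '%s\n' "$script"
}

# Execute the file itself. The kernel reads the shebang, so "-e" is honoured
# and the script stops at "false". On a noexec mount the exec is refused and
# the calling shell reports status 126.
run_direct() {
    out=$("$1" 2>/dev/null) && status=0 || status=$?
    printf '%s|%s\n' "$status" "$out"
}

# Pass the file to the interpreter as an argument. This works on a noexec
# mount, but the shebang line is then only a comment, so "-e" is lost and
# the line after "false" runs.
run_via_interpreter() {
    out=$(sh "$1" 2>/dev/null) && status=0 || status=$?
    printf '%s|%s\n' "$status" "$out"
}

# Print "exit status|output" for both ways of running the script.
demo() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/babel-demo-XXXXXX") || return 1
    s=$(make_script "$dir") || return 1
    printf 'direct:          %s\n' "$(run_direct "$s")"
    printf 'via interpreter: %s\n' "$(run_via_interpreter "$s")"
    rm -rf "$dir"
}

demo
```

Pointing `TMPDIR` at a directory on a mount without `noexec` lets the direct form run there, which is the second option named in the message.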

