[Keep] FUSE driver should expose files with permissions mode 0555
What other filesystem doesn't support a separate executable bit? FAT.
What happens when you mount FAT on Linux? Every single file is 0755.
Keep also doesn't support an executable bit. The FUSE driver should correspondingly expose all files as 0555. This would be preferable to using hacks like using ld.so to execute binaries from Keep.
#1 Updated by Peter Amstutz over 5 years ago
But I like the ld.so hack!
I briefly considered suggesting that we could scan the file to look for "#!" or an ELF header, but that is impractical since it would have to fetch the first block of every file. So this is probably good enough until we go to a Keep v2 manifest format.
#7 Updated by Brett Smith over 5 years ago
My perspective is that putting this behavior behind a command-line flag is a classic 'unbreak my software' option.
Emacs is basically the last remaining X application that insists on having cut and paste that doesn't work correctly. So they have this function "menu-bar-enable-clipboard" which basically means "please make my cut and paste work correctly." Why is this an option? I call this kind of preference the "unbreak my application please" button. Just fix the app and be done with it.
I don't see any use case that's served by making this behavior optional. It doesn't give us any additional security; as we've already demonstrated, if the user can execute arbitrary filesystem locations, they can execute from arv-mount with the right incantation. When would the user ever want artificial barriers to executing their programs? Having a switch just means we have more code to maintain, and we'll have to write
--set-executable-bit in a whole bunch of places in the future (for starters, the login script that sets up mounts for users on shell nodes). I'd much rather just always set the executable bit and be done with it.