Arvados

But I like the ld.so hack!

I briefly considered suggesting that we could scan the file to look for "#!" or an ELF header, but that is impractical since it would have to fetch the first block of every file. So this is probably good enough until we go to a Keep v2 manifest format.

My perspective is that putting this behavior behind a command-line flag is a classic 'unbreak my software' option.

Emacs is basically the last remaining X application that insists on having cut and paste that doesn't work correctly. So they have this function "menu-bar-enable-clipboard" which basically means "please make my cut and paste work correctly." Why is this an option? I call this kind of preference the "unbreak my application please" button. Just fix the app and be done with it.

I don't see any use case that's served by making this behavior optional. It doesn't give us any additional security; as we've already demonstrated, if the user can execute arbitrary filesystem locations, they can execute from arv-mount with the right incantation. When would the user ever want artificial barriers to executing their programs? Having a switch just means we have more code to maintain, and we'll have to write --set-executable-bit in a whole bunch of places in the future (for starters, the login script that sets up mounts for users on shell nodes). I'd much rather just always set the executable bit and be done with it.

Point taken. 4838-fuse-executable-files updated to just a one line fix.

Peter Amstutz wrote:

Point taken. 4838-fuse-executable-files updated to just a one line fix.

Thanks. Please merge f53484e.