"/tmp" folder have noexec rights and it's blocking AlarmNotifier that need to execute a file there

book

Article ID: 129976

calendar_today

Updated On:

Products

CA Spectrum

Issue/Introduction

CA Spectrum AlarmNoitfier - here especially the SD-Nofitier makes use of "/tmp" folder to create temporary scripting data and info. Then this dynamically created scripting is executed. On a Linux-OS which is at security level hardended, the "/tmp/" partition is loopback mounted with "noexec" permission.

Therefore the scripts are not executed anymore.

 

CA Spectrum AlarmNotifier (SD-Notifier) makes use of temporary scripting/file data placed to the "/tmp" directory by default. Those scripts are then not executable from /tmp.
 
 

Environment

This applies to all CA Spectrum releases when installed on Linux-OS with "hardened" partition handling.

Resolution

NotifyOneClick executable from ./Notifier/sd_notifier is a runtime self-extractor which makes use of "/tmp" directory to execute / self-extract and run. Also the Alarm-Notifier scripts may make use by default of "/tmp" directory. 

You may edit the used AlarmNotifier or SD-Notifier scripts replacing the coded "/tmp" directory name by a directory name which is under the $HOME of the Spectrum install owner and mounted with "exec" rights.