User:Aexoxea/Security Conflicts

From ArchWiki

This page lists security-related conflicts I've encountered that aren't easily documented elsewhere, or else are easily forgotten with time. These should be put somewhere more appropriate as opportunity permits.

Note: These are not bugs, but rather incompatibilities with security configurations that aren't standard. Of course, if there is nonetheless interest in resolving them (either in the distro or upstream), I certainly won't be objecting!

Conflicts with 'noexec'


dbeaver uses Eclipse SWT, which seems to want to write out .so files into the user's home directory and then execute them. Obviously, that won't work if the volume is noexec.

A separate user raised upstream issue #960: Not running in noexe mounted home, which resulted in a simple workaround: Choose (or create) a path that is rwxable on a volume which doesn't have noexec, and then run with dbeaver -vmargs -Duser.home=<path_to_location>.

Conflicts with 'umask 027'

You'll need to add something like chmod --recursive <permissions> "${srcdir}" to the PKGBUILD if the files are installed by script (or otherwise not using install):