Remote execution give me "Operation not permitted" from script-wrapper

rplevka · July 31, 2022, 9:21am

Hi.
I believe it is uploading the files with permissions 555 here:

theforeman/smart_proxy_remote_execution_ssh/blob/master/lib/smart_proxy_remote_execution_ssh/runners/script_runner.rb#L183


      
                                    close_stdin: false)
            end
            # The path should already be escaped
            ensure_remote_command("rm #{script}")
          end
          
          def prepare_start
            @remote_script = cp_script_to_remote
            @output_path = File.join(File.dirname(@remote_script), 'output')
            @exit_code_path = File.join(File.dirname(@remote_script), 'exit_code')
            @pid_path = File.join(File.dirname(@remote_script), 'pid')
            @remote_script_wrapper = upload_data(
              "echo $$ > #{@pid_path}; exec \"$@\";",
              File.join(File.dirname(@remote_script), 'script-wrapper'),
              555)
          end
          
          # the script that initiates the execution
          def initialization_script
            su_method = @user_method.instance_of?(SuUserMethod)
            # pipe the output to tee while capturing the exit code in a file

Anyway, maybe the hardening mounts the destination with noexec flag?
If that is true, you might need to reconfigure REX to use different working path, just like described here:

Hope that helps!