matlab-dockerfile

permission denied for mpm if TMPDIR has noexec mount flag

Open versionbayjc opened this issue 1 year ago • 2 comments

I noticed this while trying to install MATLAB in a more hardened Linux environment. Apparently it is a practice in Defense-In-Depth to disallow running executables from /tmp. And this is exactly what mpm does: it extracts itself to /tmp and then runs the extracted executable. Maybe you could provide an (optional) argument to specify where to extract the mpm package to, before running it?

While writing this issue, I actually noticed in the Release Notes that mpm respects the TMPDIR environment variable since 0.6.0, and that would be a workaround, but it is not actually documented. It is only casually mentioned as a change in the release notes without mentioning what TMPDIR is then actually used for. I would prefer not to change TMPDIR, but to simply specify where to extract the mpm package to for running it. But maybe this is just a personal preference.

I'm not sure what the best enhancement would be for mpm for this issue. Maybe detecting the noexec and giving a clearer message about what to do? Maybe documenting that TMPDIR is used for extracting and should not be noexec? Maybe adding an optional argument for extracting mpm instead of hiding the extraction and cleaning it up? I would vote for this last item, since that would also allow more interactive use of mpm (querying --help, installing multiple releases, etc.) to work without extracting and removing the extracted package for every invocation of mpm, thereby running much faster.

Here is the output on RHEL7.9 (Maipo) when /tmp is mounted with noexec option:

[versionbayjc@localhost ~]$ wget https://www.mathworks.com/mpm/glnxa64/mpm
--2024-04-04 14:09:08--  https://www.mathworks.com/mpm/glnxa64/mpm
Resolving www.mathworks.com (www.mathworks.com)... 23.0.212.112
Connecting to www.mathworks.com (www.mathworks.com)|23.0.212.112|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://ssd.mathworks.com/supportfiles/downloads/mpm/2024.1.1/glnxa64/mpm [following]
--2024-04-04 14:09:08--  https://ssd.mathworks.com/supportfiles/downloads/mpm/2024.1.1/glnxa64/mpm
Resolving ssd.mathworks.com (ssd.mathworks.com)... 23.42.167.78
Connecting to ssd.mathworks.com (ssd.mathworks.com)|23.42.167.78|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 65112927 (62M) [text/plain]
Saving to: ‘mpm’

100%[======================================>] 65,112,927  51.2MB/s   in 1.2s   

2024-04-04 14:09:10 (51.2 MB/s) - ‘mpm’ saved [65112927/65112927]

[versionbayjc@localhost ~]$ chmod +x mpm
[versionbayjc@localhost ~]$ ./mpm install --release R2024a --products MATLAB
./mpm: line 17: /tmp/mathworks_10854/./bin/glnxa64/mpm: Permission denied
ERROR: ld.so: object '/tmp/mathworks_10854/bin/glnxa64/glibc-2.17_shim.so' from LD_PRELOAD cannot be preloaded: ignored.

versionbayjc, Apr 04 '24 12:04
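
An added example (not part of the issue and not MathWorks code): a POSIX shell pre-flight check that reads a /proc/mounts-format table, detects the noexec flag on the mount holding a directory, and prints the first exec-capable candidate to use as TMPDIR. That mpm extracts under TMPDIR is taken from the issue text; the function names, the candidate directories and the sample mount table are constructed for illustration.

```shell
# Added example. Function names and sample data are constructed, not mpm's own.

# Print the mount options of the filesystem holding path $1, read from a
# /proc/mounts-format table ($2, default /proc/mounts). The longest matching
# mount point wins; a later entry wins a tie (over-mount). Assumes mount
# points without spaces (/proc/mounts escapes those as \040).
mount_opts_for() {
    awk -v p="$1" '
        BEGIN { best = 0 }
        {
            mp = $2
            hit = (mp == "/" || p == mp || index(p, mp "/") == 1)
            if (hit && length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# Succeed (exit 0) when the mount holding $1 carries the noexec flag.
is_noexec() {
    case ",$(mount_opts_for "$1" "${2:-}")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the first candidate directory that is not on a noexec mount.
# Usage: pick_exec_tmpdir MOUNTS_FILE DIR...
pick_exec_tmpdir() {
    mounts=$1; shift
    for d in "$@"; do
        if ! is_noexec "$d" "$mounts"; then
            printf '%s\n' "$d"
            return 0
        fi
    done
    echo "no exec-capable directory among candidates" >&2
    return 1
}

# Constructed mount table resembling a host with a hardened /tmp.
write_sample_mounts() {
    printf '%s\n' \
        '/dev/mapper/rhel-root / xfs rw,relatime 0 0' \
        'tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0' \
        '/dev/mapper/rhel-home /home xfs rw,nodev,relatime 0 0' > "$1"
}

# Use on a real host; "$HOME/mpm-tmp" is a hypothetical, existing, user-only dir:
#   TMPDIR=$(pick_exec_tmpdir /proc/mounts "${TMPDIR:-/tmp}" "$HOME/mpm-tmp") \
#       ./mpm install --release R2024a --products MATLAB
```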