Debian Bug report logs - #116448
apt-extracttemplates should not default to /tmp


Package: debconf; Maintainer for debconf is Debconf Developers <debconf-devel@lists.alioth.debian.org>; Source for debconf is src:debconf.

Reported by: Wichert Akkerman <wichert@wiggy.net>

Date: Sun, 21 Oct 2001 02:18:02 UTC

Severity: wishlist

Merged with 129289, 149329, 171170

Found in versions 1.0.25, 1.0.32

Done: Joey Hess <joeyh@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>:
Bug#116448; Package perl-base. Full text and rfc822 format available.

Acknowledgement sent to Wichert Akkerman <wichert@wiggy.net>:
New Bug report received and forwarded. Copy sent to Brendan O'Dea <bod@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Wichert Akkerman <wichert@wiggy.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: perl-base: cannot assume /tmp is mounted with exec
Date: Sun, 21 Oct 2001 04:12:57 +0200
Package: perl-base
Version: 5.6.1-5
Severity: important

I just ran into this little problem:

Can't exec "/tmp/config.2195013": Permission denied at /usr/share/perl/5.6.1/IPC/Open3.pm line 159.

I happen to have my /tmp mounted with noexec as a simple security
measure and as a result the IPC module seems to break miserably. I don't
think that what I'm doing is unreasonable (or very uncommon) and IPC
should be able to cope with it. (why is it trying to run files from
/tmp anyway??)

Wichert.

-- System Information
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux thunder 2.4.7-ac5+freeswan191 #3 Sat Aug 4 20:48:41 CEST 2001 i686
Locale: LANG=en_GB.ISO-8859-1, LC_CTYPE=en_GB.ISO-8859-1

Versions of packages perl-base depends on:
ii  libc6                         2.2.4-3    GNU C Library: Shared libraries an




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#116448; Package perl-base. Full text and rfc822 format available.

Acknowledgement sent to Brendan O'Dea <bod@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #10 received at 116448@bugs.debian.org (full text, mbox):

From: Brendan O'Dea <bod@debian.org>
To: Wichert Akkerman <wichert@wiggy.net>, 116448@bugs.debian.org
Subject: Re: Bug#116448: perl-base: cannot assume /tmp is mounted with exec
Date: Sun, 21 Oct 2001 15:53:58 +1000
reassign 116448 apt-utils
severity 116448 wishlist
retitle  116448 apt-extracttemplates should not default to /tmp
thanks

On Sun, Oct 21, 2001 at 04:12:57AM +0200, Wichert Akkerman wrote:
>Can't exec "/tmp/config.2195013": Permission denied at /usr/share/perl/5.6.1/IPC/Open3.pm line 159.
>
>I happen to have my /tmp mounted with noexec as a simple security
>measure and as a result the IPC module seems to break miserably. I don't
>think that what I'm doing is unreasonable (or very uncommon) and IPC
>should be able to cope with it. (why is it trying to run files from
>/tmp anyway??)

The IPC::Open3 module doesn't do anything with /tmp intrinsically.  A
program is calling open3 with a script name of /tmp/config.2195013 .

At a guess I'd say that the program in question is dpkg-preconfigure,
which calls apt-extracttemplates to extract templates and configuration
scripts into /tmp for processing prior to installation of the packages.

A simple solution for you would be to set APT::ExtractTemplates::TempDir
in apt.conf to some directory which is mounted with exec.

Reassigned as wishlist to apt-utils.  Perhaps a different default would
be more appropriate, which need not be world-writable given the usage of
apt-extracttemplates via dpkg-preconfigure is as root.

Regards,
-- 
Brendan O'Dea                                        bod@compusol.com.au
Compusol Pty. Limited                  (NSW, Australia)  +61 2 9810 3633



Bug reassigned from package `perl-base' to `apt-utils'. Request was from Brendan O'Dea <bod@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `wishlist'. Request was from Brendan O'Dea <bod@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Changed Bug title. Request was from Brendan O'Dea <bod@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>:
Bug#116448; Package apt-utils. Full text and rfc822 format available.

Acknowledgement sent to Jason Gunthorpe <jgg@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>.

Your message did not contain a Subject field. This is broken, I am afraid - the Subject: line is a Required Header according to RFC822. Please remember to include a Subject field in your messages in future. If you did so the fact that it got lost probably indicates a poorly configured mail system at your site or an intervening one.

Full text and rfc822 format available.


Message #21 received at 116448@bugs.debian.org (full text, mbox):

From: Jason Gunthorpe <jgg@debian.org>
To: control@bugs.debian.org
Cc: 116448@bugs.debian.org
Date: Sun, 21 Oct 2001 12:56:51 -0600 (MDT)
reassign 116448 debconf
thanks

Debconf should probably find itself a secure location under /var to do
this with then. I'm not sure changing the default in the config file
actually works?

Jason




Bug reassigned from package `apt-utils' to `debconf'. Request was from Jason Gunthorpe <jgg@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#116448; Package debconf. Full text and rfc822 format available.

Acknowledgement sent to Joey Hess <joeyh@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #28 received at 116448@bugs.debian.org (full text, mbox):

From: Joey Hess <joeyh@debian.org>
To: 116448@bugs.debian.org, Jason Gunthorpe <jgg@debian.org>
Subject: Re: Bug#116448: perl-base: cannot assume /tmp is mounted with exec
Date: Sun, 21 Oct 2001 19:09:20 -0400
> Debconf should probably find itself a secure location under /var to do
> this with then. I'm not sure changing the default in the config file
> actually works?

Yeah, I guess /var is the best I can do. If it's mounted noexec, dpkg
scripts won't run anyway. You say "secure" -- I hope apt-extracttemplates
makes the temp files secure anyway?

I would prefer to just use /var/tmp or something, in case some event
leaves temp files lying around, so they will be cleaned up eventually.
OTOH, I suppose someone has probably made /var/tmp a link to a noexec
/tmp.

-- 
see shy jo



Information forwarded to debian-bugs-dist@lists.debian.org, Joey Hess <joeyh@debian.org>:
Bug#116448; Package debconf. Full text and rfc822 format available.

Acknowledgement sent to Ethan Benson <erbenson@alaska.net>:
Extra info received and forwarded to list. Copy sent to Joey Hess <joeyh@debian.org>. Full text and rfc822 format available.

Message #33 received at 116448@bugs.debian.org (full text, mbox):

From: Ethan Benson <erbenson@alaska.net>
To: 116448@bugs.debian.org
Subject: noexec /tmp
Date: Thu, 8 Nov 2001 05:27:56 -0900
[Message part 1 (text/plain, inline)]
> I would prefer to just use /var/tmp or something, in case some event
> leaves temp files lying around, so they will be cleaned up eventually.

/var/tmp is never cleaned under a default debian (or most traditional
unix) setup. only /tmp is autocleaned.  if tmp files like this are
dumped in /var/tmp and something happens where they are not deleted
you have successfully created permanent cruft.

noexec is useless anyway so this isn't particularly important IMO.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
[Message part 2 (application/pgp-signature, inline)]

Merged 116448 129289. Request was from Joey Hess <joeyh@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Merged 116448 129289 149329. Request was from Joey Hess <joey@kitenet.net> to control@bugs.debian.org. Full text and rfc822 format available.

Merged 116448 129289 149329 171170. Request was from Matt Zimmerman <mdz@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Joey Hess <joeyh@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Wichert Akkerman <wichert@wiggy.net>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #44 received at 171170-done@bugs.debian.org (full text, mbox):

From: Joey Hess <joeyh@debian.org>
To: 171170-done@bugs.debian.org
Subject: closing /tmp related bug reports
Date: Thu, 21 Aug 2003 16:47:04 -0400
[Message part 1 (text/plain, inline)]
As of version 0.5.8, apt supports TMPDIR for determining where
apt-extracttemplates puts its temporary files. If you have a noexec
/tmp, use this or other documented means to make apt-extracttemplates
use a directory that does accept executables.

-- 
see shy jo
[Message part 2 (application/pgp-signature, inline)]
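
Added example, not part of the bug log and not code from apt or debconf: a POSIX shell check that finds which mount holds a candidate temporary directory, tests it for `noexec`, and prints the `APT::ExtractTemplates::TempDir` setting for the first directory that allows execution. The mount table is a constructed sample in `/proc/mounts` format, and `/var/lib/example-extract` is a hypothetical root-owned directory.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
# device, mount point, fs type, options, dump, pass.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /var ext4 rw,nodev 0 0
/dev/sda4 /var/tmp ext4 rw,nosuid,noexec 0 0'

# Print the options of the mount holding path $1, i.e. the longest
# mount point that is a path prefix of it. $2 is the mount table text.
mount_opts_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        {
            pre = ($2 == "/") ? "/" : $2 "/"
            # Compare with a trailing slash so /tmp does not match /tmpfoo.
            if (index(p "/", pre) == 1 && length($2) > best) {
                best = length($2); opts = $4
            }
        }
        END { print opts }'
}

# Succeed if path $1 sits on a mount carrying the noexec option.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the first candidate directory that is not on a noexec mount.
# $1 is the mount table text, the remaining arguments are candidates.
first_exec_dir() {
    table=$1; shift
    for d in "$@"; do
        is_noexec "$d" "$table" || { printf '%s\n' "$d"; return 0; }
    done
    return 1
}

# /var/lib/example-extract is a hypothetical root-owned directory.
# On a live system pass "$(cat /proc/mounts)" instead of the sample.
dir=$(first_exec_dir "$SAMPLE_MOUNTS" /tmp /var/tmp /var/lib/example-extract) &&
    printf 'APT::ExtractTemplates::TempDir "%s";\n' "$dir"
```

The printed line is in apt.conf syntax; with apt 0.5.8 or later the same directory can instead be supplied through `TMPDIR`, as the closing message says.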



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 12:45:48 2014; Machine Name: beach.debian.org
