Debian Bug report logs -
#116448
apt-extracttemplates should not default to /tmp
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Brendan O'Dea <bod@debian.org>:
Bug#116448; Package perl-base.
(full text, mbox, link).
Acknowledgement sent to Wichert Akkerman <wichert@wiggy.net>:
New Bug report received and forwarded. Copy sent to Brendan O'Dea <bod@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: perl-base
Version: 5.6.1-5
Severity: important
I just ran into this little problem:
Can't exec "/tmp/config.2195013": Permission denied at /usr/share/perl/5.6.1/IPC/Open3.pm line 159.
I happen to have my /tmp mounted with noexec as a simple security
measure and as a reult the IPC module seems to break miserably. I don't
think that what I'm doing is unreasonably (or very uncommon) and IPC
should be able to cope with it. (why is it trying to run files from
/tmp anyway??)
Wichert.
-- System Information
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux thunder 2.4.7-ac5+freeswan191 #3 Sat Aug 4 20:48:41 CEST 2001 i686
Locale: LANG=en_GB.ISO-8859-1, LC_CTYPE=en_GB.ISO-8859-1
Versions of packages perl-base depends on:
ii libc6 2.2.4-3 GNU C Library: Shared libraries an
Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#116448; Package perl-base.
(full text, mbox, link).
Acknowledgement sent to Brendan O'Dea <bod@debian.org>:
Extra info received and forwarded to list.
(full text, mbox, link).
Message #10 received at 116448@bugs.debian.org (full text, mbox, reply):
reassign 116448 apt-utils
severity 116448 wishlist
retitle 116448 apt-extracttemplates should not default to /tmp
thanks
On Sun, Oct 21, 2001 at 04:12:57AM +0200, Wichert Akkerman wrote:
>Can't exec "/tmp/config.2195013": Permission denied at /usr/share/perl/5.6.1/IPC/Open3.pm line 159.
>
>I happen to have my /tmp mounted with noexec as a simple security
>measure and as a reult the IPC module seems to break miserably. I don't
>think that what I'm doing is unreasonably (or very uncommon) and IPC
>should be able to cope with it. (why is it trying to run files from
>/tmp anyway??)
The IPC::Open3 module doesn't do anything with /tmp intrinsically. A
program is calling open3 with a script name of /tmp/config.2195013 .
At a guess I'd say that the program in question is dpkg-preconfigure,
which calls apt-extracttemplates to extract templates and configuration
scripts into /tmp for processing prior to installation of the packages.
A simple solution for you would be to set APT::ExtractTemplates::TempDir
in apt.conf to some directory which is mounted with exec.
Reassigned as wishlist to apt-utils. Perhaps a different default would
be more appropriate, which need not be world-writable given the usage of
apt-extracttemplates via dpkg-preconfigure is as root.
Regards,
--
Brendan O'Dea bod@compusol.com.au
Compusol Pty. Limited (NSW, Australia) +61 2 9810 3633
Severity set to `wishlist'.
Request was from Brendan O'Dea <bod@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Changed Bug title.
Request was from Brendan O'Dea <bod@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, APT Development Team <deity@lists.debian.org>:
Bug#116448; Package apt-utils.
(full text, mbox, link).
Acknowledgement sent to Jason Gunthorpe <jgg@debian.org>:
Extra info received and forwarded to list. Copy sent to APT Development Team <deity@lists.debian.org>.
Your message did not contain a Subject field. This is broken, I am
afraid - the Subject: line is a Required Header according to RFC822.
Please remember to include a Subject field in your messages in future.
If you did so the fact that it got lost probably indicates a poorly
configured mail system at your site or an intervening one.
(full text, mbox, link).
Message #21 received at 116448@bugs.debian.org (full text, mbox, reply):
reassign 116448 debconf
thanks
Debconf should probably find itself a secure location under /var to do
this with then. I'm not sure changing the default in the config file
actually works?
Jason
Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#116448; Package debconf.
(full text, mbox, link).
Acknowledgement sent to Joey Hess <joeyh@debian.org>:
Extra info received and forwarded to list.
(full text, mbox, link).
Message #28 received at 116448@bugs.debian.org (full text, mbox, reply):
> Debconf should probably find itself a secure location under /var to do
> this with then. I'm not sure changing the default in the config file
> actually works?
Yeah, I guess /var is the best I can do. If it's mounted noexec, dpkg
scripts won't run anyway. You say "secure" -- I hope apt-extracttemplates
makes the temp files secure anyway?
I would prefer to just use /var/tmp or something, in case some event
leaves temp files lying around, so they will be cleaned up eventually.
OTOH, I suppose someone has probably made /var/tpm a link to a noexec
/tmp.
--
see shy jo
Information forwarded to debian-bugs-dist@lists.debian.org, Joey Hess <joeyh@debian.org>:
Bug#116448; Package debconf.
(full text, mbox, link).
Acknowledgement sent to Ethan Benson <erbenson@alaska.net>:
Extra info received and forwarded to list. Copy sent to Joey Hess <joeyh@debian.org>.
(full text, mbox, link).
Message #33 received at 116448@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
> I would prefer to just use /var/tmp or something, in case some event
> leaves temp files lying around, so they will be cleaned up eventually.
/var/tmp is never cleaned under a default debian (or most traditional
unix) setup. only /tmp is autocleaned. if tmp files like this are
dumped in /var/tmp and something happens where they are not deleted
you have sucessfully created permanent cruft.
noexec is useless anyway so this isn't partitularly important IMO.
--
Ethan Benson
http://www.alaska.net/~erbenson/
[Message part 2 (application/pgp-signature, inline)]
Reply sent to Joey Hess <joeyh@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Wichert Akkerman <wichert@wiggy.net>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #44 received at 171170-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
As of version 0.5.8, apt supports TMPDIR for determining where
apt-extracttemplates puts its temporary files. If you have a noexec
/tmp, use this or other documented means to make apt-extracttemplates
use a directory that does accept executables.
--
see shy jo
[Message part 2 (application/pgp-signature, inline)]
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Mon Sep 2 00:31:46 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.