Bug#249322: marked as done ([MERGED] Don't offer noexec option for /tmp)

To: Anton Zinoviev <zinoviev@debian.org>
Cc: Debian Install System Team <debian-boot@lists.debian.org>
Subject: Bug#249322: marked as done ([MERGED] Don't offer noexec option for /tmp)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 20 Jul 2004 09:03:14 -0700
Message-id: <[🔎] handler.249322.D249322.10903385799131.ackdone@bugs.debian.org>
In-reply-to: <E1Bmwpy-00021v-00@newraff.debian.org>
References: <E1Bmwpy-00021v-00@newraff.debian.org> <20040516161154.GA21569@jumi.lut.fi>

Your message dated Tue, 20 Jul 2004 11:47:26 -0400
with message-id <E1Bmwpy-00021v-00@newraff.debian.org>
and subject line Bug#249322: fixed in partman-xfs 14
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 16 May 2004 16:12:29 +0000
>From bostik@jumi.lut.fi Sun May 16 09:12:29 2004
Return-path: <bostik@jumi.lut.fi>
Received: from lame.lut.fi [157.24.54.8] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BPOFY-000532-00; Sun, 16 May 2004 09:12:29 -0700
Received: from jumi.lut.fi (jumi.lut.fi [157.24.54.9])
	by lame.lut.fi (Postfix) with ESMTP
	id 78A96186AE; Sun, 16 May 2004 19:11:55 +0300 (EEST)
Received: by jumi.lut.fi (Postfix, from userid 6902)
	id 083729054; Sun, 16 May 2004 19:11:54 +0300 (EEST)
Date: Sun, 16 May 2004 19:11:54 +0300
From: Mika Bostrom <bostik@lut.fi>
To: submit@bugs.debian.org
Cc: bostik@lut.fi
Subject: Debian-installer, beta-4
Message-ID: <20040516161154.GA21569@jumi.lut.fi>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.4.2.1i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.5 required=4.0 tests=BAYES_30,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: installation-reports

Debian-installer-version: http://cdimage.debian.org/pub/cdimage-testing/ \
  sarge_d-i/i386/beta4/sarge-i386-netinst.iso (2004-04-30)
uname -a: 
Date: 2004-05-16; 15:00 EET
Method: Base system from CD, network install after boot; used
  ftp.fi.debian.org as mirror; CD was external USB drive

Machine: VIA EPIA
Processor: C3 1GHz
Memory: 512MB
Root device: /dev/hda
Partition table:
  /dev/hda1   /boot       (75M)   [ext3]
  /dev/hda5   /           (530M)  [ext3]
  /dev/hda6   /usr        (5.5G)  [xfs]
  /dev/hda7   /var        (2G)    [xfs]
  /dev/hda8   /tmp        (1.2G)  [xfs]
  /dev/hda9   /home       (15G)   [xfs]
  /dev/hda10  /mnt/www    (1G)    [xfs]
  /dev/hda11  /mnt/media  (97.5G) [xfs]

Base system installation checklist:

Initial boot worked:      [O]
Configure network HW:     [O]
Config network:           [O]
Detect CD:                [O]
Load installer modules:   [O]
Detect hard drives:       [O]
Partition hard drives:    [O] **
Create file systems:      [O]
Mount partitions:         [O]
Install base system:      [O]
Install boot loader:      [O]
Reboot:                   [O]

Comments/Problems:
  As marked with '**' above, there are certain issues with partitioning.
First, it is not exactly intuitive - the rest of the install is.
Secondly, a person doing a relatively secure install will find himself
shot on the foot. I chose mount options for /tmp: nodev,nosuid,noexec
this was a bad idea.

  After boot, installer tries to execute the actual system install. For
this, a script stored in /tmp is used. At the end of boot, the script
can't execute because of noexec. There are some errors and then init
will try to sleep. There is relatively little to do at this point.

  That was the first bug with partitioning. Solution would be to call
the second stage installer always with /bin/sh, not trying to execute it
directly.

  There was another issue with installer that I discovered because of
this. The installer (or its current revision at least) can not be used
as a rescue media. This is not the issue, but it caused the real
discovery.

  Trying to do a reinstall: I was happy with the partition layout and
wouldn't have wanted to set it again; only wanted to remove the noexec
flag from /tmp. This proved to be impossible. The partitioning menu,
when faced with existing layout and filesystems, only displays three
selections. Editing the partition and its options is not one of them. (I
know I should have taken a shot of the menu but was too struck to think
of it.) In the end I didn't want to bother with trying to trick the
installer to work with me, so I went with a fresh install after all.
This time omitted noexec from /tmp. This install worked.

  There is one final issue with second stage of install. Setting up the
packages winds up in an error. Hitting enter on "Install selected
packages" results in apt-get pulling one more package (for my firewall
setup, it was python; for my would-be server, it was indent); after
that, the installation continues.


-- 
Mika Boström     \ /  "World peace will be achieved
Bostik@lut.fi     X    when the last man has killed
Security freak   / \   the second-to-last." -anon?

---------------------------------------
Received: (at 249322-close) by bugs.debian.org; 20 Jul 2004 15:49:39 +0000
>From katie@ftp-master.debian.org Tue Jul 20 08:49:39 2004
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Bmws7-0002N6-00; Tue, 20 Jul 2004 08:49:39 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1Bmwpy-00021v-00; Tue, 20 Jul 2004 11:47:26 -0400
From: Anton Zinoviev <zinoviev@debian.org>
To: 249322-close@bugs.debian.org
X-Katie: $Revision: 1.51 $
Subject: Bug#249322: fixed in partman-xfs 14
Message-Id: <E1Bmwpy-00021v-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Tue, 20 Jul 2004 11:47:26 -0400
Delivered-To: 249322-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Source: partman-xfs
Source-Version: 14

We believe that the bug you reported is fixed in the latest version of
partman-xfs, which is due to be installed in the Debian FTP archive:

partman-xfs_14.dsc
  to pool/main/p/partman-xfs/partman-xfs_14.dsc
partman-xfs_14.tar.gz
  to pool/main/p/partman-xfs/partman-xfs_14.tar.gz
partman-xfs_14_all.udeb
  to pool/main/p/partman-xfs/partman-xfs_14_all.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 249322@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anton Zinoviev <zinoviev@debian.org> (supplier of updated partman-xfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 20 Jul 2004 16:01:08 +0300
Source: partman-xfs
Binary: partman-xfs
Architecture: source all
Version: 14
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Anton Zinoviev <zinoviev@debian.org>
Description: 
 partman-xfs - Add to partman support for xfs (udeb)
Closes: 249322 255135 258117
Changes: 
 partman-xfs (14) unstable; urgency=low
 .
   * Anton Zinoviev
     - disable the "noexec" mount option for the file system mounted on
       /tmp; thanks to Mika Bostrom, Stephen Touset and Ken Schweigert
       (closes: #249322, #255135, #258117)
     - active_partition/xfs/*, commit.d/format_xfs: support for labels
   * Updated translations:
     - Arabic (ar.po) by Ossama M. Khayat
     - Welsh (cy.po) by Dafydd Harries
     - German (de.po) by Dennis Stampfer
     - Croatian (hr.po) by Kruno
     - Norwegian Nynorsk (nn.po) by HÃ¥vard Korsvoll
Files: 
 1f41245320a30a05d0deebe640ad164e 622 debian-installer standard partman-xfs_14.dsc
 b2261595c6f6504e8d428896ddb8e0ea 125516 debian-installer standard partman-xfs_14.tar.gz
 f095a5fb31c2aead6d3493679aae6c7d 40700 debian-installer standard partman-xfs_14_all.udeb
package-type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA/RyeJP1eZJv0KwcRAtFeAJwPUvO6CDwqskOxPLMwQpOcIniKOACdH3i7
mrIOzEgzCRcfusia+TLCKiM=
=Pwjr
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: partman-target_25_i386.changes ACCEPTED
Next by Date: Bug#250033: marked as done (destroys existing, unused lvm volumes by setting partition type to linux)
Previous by thread: partman-target_25_i386.changes ACCEPTED
Next by thread: Bug#250033: marked as done (destroys existing, unused lvm volumes by setting partition type to linux)
Index(es):
- Date
- Thread