Re: Bug#179125: maintainer scripts tries to exec script in /tmp
Cc'ed to debian-devel for comments.
Explanation: the postinst generates a temporary script for use during
installation. Its name is generated with mktemp and it is stored in
/tmp; it is deleted by a trap when the postinst terminates.
On Fri, 2003-01-31 at 00:22, Jamie Wilkinson wrote:
> Preconfiguring packages ...
> Can't exec "/tmp/config.151751": Permission denied at
> /usr/share/perl/5.8.0/IPC/Open3.pm line 159.
...
> I have /tmp mounted noexec for security reasons.
> none on /tmp type tmpfs (rw,noexec,nosuid,nodev,size=500m)
>
> You shouldn't rely on being able to execute scripts in /tmp.
I can find no mention of such a rule in policy, nor in the FHS, You are
welcome to propose such a change to policy.
In the meantime, I do not see that maintainers can be expected to
foresee all the things that administrators may do to their machines to
make packages uninstallable.
A temporary script needs to be somewhere, and /tmp is guaranteed to
exist and to be available for temporary files. I don't see how making
its contents non-executable contributes anything to security; no-one has
/tmp in their path, I hope!
--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight, UK http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
========================================
"O come, let us worship and bow down; let us kneel
before the LORD our maker." Psalms 95:6
Reply to: