Re: Bug#179125: maintainer scripts tries to exec script in /tmp
Quoting Thomas Wouters <thomas@xs4all.net>:
> On Mon, Feb 03, 2003 at 11:00:58AM +0000, Oliver Elphick wrote:
>
> > A temporary script needs to be somewhere, and /tmp is guaranteed to
> > exist and to be available for temporary files. I don't see how making
> > its contents non-executable contributes anything to security; no-one has
> > /tmp in their path, I hope!
>
> I assume you can still do 'interpreter ${TMPDIR}/${tmpfile}' to execute it?
plank% cat > /tmp/foo
#!/bin/sh
ls
plank% chmod 755 /tmp/foo
plank% /tmp/foo
zsh: permission denied: /tmp/foo
plank% sh /tmp/foo
#pseudo-scratch# jaf-doc-1.0.1-1.noarch.rpm
...
plank%
Yes. I would be happy for maintainer scripts to source temporary scripts, in
this way.
As Russel answers elsewhere in this thread, /tmp is mounted noexec because the
machine in question has a lot of untrusted users who do have ssh access. Cases
such as the slapper worm have installed exploits into /tmp because most people
*don't* think to mount /tmp noexec. Certainly it's not the best solution, we
are investigating SE Linux, but in the meantime every bit helps.
>In the meantime, I do not see that maintainers can be expected to
>foresee all the things that administrators may do to their machines to
>make packages uninstallable.
Certainly you cannot foresee them, but you should certainly make your packages
cope when they are reported.
Anyway, like I said, I would be content for the maintainer script to source the
temporary executable by calling the interpreter, as Thomas suggests. I also
concur with Henrique that you should be using TMPDIR instead of hardwiring /tmp
-- that way I can use a root-only temporary directory.
Thanks.
Jamie
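
The approach agreed on above (honour TMPDIR, and run the temporary script through its interpreter rather than executing it directly), as an added example that is not part of the original message or of any package's maintainer script. The function names and the maint.XXXXXX template are hypothetical; a missing execute bit stands in for a noexec mount, since both make a direct exec fail with "permission denied".

```shell
#!/bin/sh
# Added example; function names and file templates are hypothetical.

# run_tmp_script BODY
# Write BODY to a private temporary script and run it via the interpreter.
# Only read permission is needed, so this also works when the temporary
# filesystem is mounted noexec.
run_tmp_script() {
    body=$1
    # Honour TMPDIR so the administrator can point at a root-only directory.
    base=${TMPDIR:-/tmp}
    # mktemp -d creates a mode 0700 directory with an unpredictable name,
    # so other local users cannot pre-create or swap the script.
    workdir=$(mktemp -d "$base/maint.XXXXXX") || return 1
    script=$workdir/helper.sh
    # No chmod +x: the file is never executed directly.
    ( umask 077; printf '%s\n' "$body" > "$script" ) || {
        rm -rf "$workdir"
        return 1
    }
    # Capture the status this way so a caller running under "set -e"
    # (as maintainer scripts usually do) still reaches the cleanup.
    rc=0
    sh "$script" || rc=$?
    rm -rf "$workdir"
    return "$rc"
}

# direct_exec_denied
# Returns 0 if executing a non-executable temporary script directly is
# refused (shell exit status 126), the failure shown in the transcript.
direct_exec_denied() {
    f=$(mktemp "${TMPDIR:-/tmp}/noexec-demo.XXXXXX") || return 2
    printf '#!/bin/sh\necho ran\n' > "$f"
    rc=0
    "$f" >/dev/null 2>&1 || rc=$?
    rm -f "$f"
    [ "$rc" -eq 126 ]
}
```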