Re: Bug#179125: maintainer scripts tries to exec script in /tmp
On Tue, 2003-02-04 at 09:08, Christian Kurz wrote:
> Hi Oliver,
> On [03/02/03 11:00], Oliver Elphick wrote:
> > Explanation: the postinst generates a temporary script for use during
> > installation. Its name is generated with mktemp and it is stored in
> > /tmp; it is deleted by a trap when the postinst terminates.
> > On Fri, 2003-01-31 at 00:22, Jamie Wilkinson wrote:
> > > Preconfiguring packages ...
> > > Can't exec "/tmp/config.151751": Permission denied at
> > > /usr/share/perl/5.8.0/IPC/Open3.pm line 159.
> > ...
> > > I have /tmp mounted noexec for security reasons.
> > > none on /tmp type tmpfs (rw,noexec,nosuid,nodev,size=500m)
> > > You shouldn't rely on being able to execute scripts in /tmp.
> I just finished reading the discussion on -devel and somehow had to
> again look at this bug. I was concerned that something obvious might
> have been missed in this discussion. After staring at the transcript for
> some minutes, I think I found it. Look at the first line, it says this:
> |Preconfiguring packages ...
> As far as I know the postinst script is never called when a package is
> preconfigured but when the installation is finished. So in this case I
> guess it's not your postinst that generates this error. So I guess that
> this message was generated by something else:
> |Can't exec "/tmp/config.151751": Permission denied at /usr/share/perl/5.8.0/IPC/Open3.pm line 159.
How easy it is for me to see what I expect to see! Not that the past
discussion has been wasted, because if he hadn't fallen over this, he
would have fallen over the postinst one later.
> Then I remember that I've seen this message in the past and took a look
> at the manpage of apt-extracttemplates. There I found this information:
> | template-file and config-script are written to the temporary directory
> | specified by the -t or --tempdir (APT::ExtractTemplates::TempDir>)
> | directory, with filenames of the form template.XXXX and config.XXXX
> So I guess that the error message above was generated by debconf which
> wanted to configure the package. I think I've seen the same error
> message, when I had once mounted tmp with noexec on a machine. I might
> be wrong about supposing that it's debconf that fails, but at least I'm
> pretty sure that it's not the postinst. Otherwise I would ask you or
> somebody else to explain to me since when the postinst is run at
> preconfiguration time. Maybe this helps you a bit finding the real
> mistake, since I'm having the feeling that the discussion on -devel
> centered around the wrong assumption.
I'm surprised that he hasn't been bitten by this before, but it is
obviously debconf that is doing it.
> If you want to quote parts of this e-Mail on -devel for the other people
> discussing the issue, I'll give you permission. If I made some mistake
> and my whole analyzation of the situation is false, then I apologize for
> my mistake and accept that I was wrong.
You seem to be entirely correct.
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight, UK http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
"That at the name of Jesus every knee should bow, of
things in heaven, and things in earth, and things
under the earth; And that every tongue should confess
that Jesus Christ is Lord, to the glory of God the
Father." Philippians 2:10,11