Bug#295106: marked as done (dpkg: postinst/postrm scripts don't work if /var is mounted with noexec)

To: Scott James Remnant <scott@netsplit.com>
Cc: Dpkg Development <debian-dpkg@lists.debian.org>
Subject: Bug#295106: marked as done (dpkg: postinst/postrm scripts don't work if /var is mounted with noexec)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Mon, 14 Feb 2005 01:33:30 -0800
Message-id: <[🔎] handler.295106.D295106.11083725715592.ackdone@bugs.debian.org>
In-reply-to: <1108372567.15564.6.camel@localhost.localdomain>
References: <1108372567.15564.6.camel@localhost.localdomain> <[🔎] 200502131805.j1DI5fxT009630@roadrunner.skyblue.gen.tr>

Your message dated Mon, 14 Feb 2005 09:16:07 +0000
with message-id <1108372567.15564.6.camel@localhost.localdomain>
and subject line Bug#295106: dpkg: postinst/postrm scripts don't work if /var is mounted with noexec
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 13 Feb 2005 18:06:29 +0000
>From ealtin@skyblue.gen.tr Sun Feb 13 10:06:29 2005
Return-path: <ealtin@skyblue.gen.tr>
Received: from dsl85-96-6232.ttnet.net.tr (roadrunner.skyblue.gen.tr) [85.96.24.88] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1D0O8Z-0000Cg-00; Sun, 13 Feb 2005 10:06:28 -0800
Received: from roadrunner.skyblue.gen.tr (roadrunner.skyblue.gen.tr [127.0.0.1])
	by roadrunner.skyblue.gen.tr (8.13.3/8.13.3/Debian-6) with ESMTP id j1DI5g9p009631
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Sun, 13 Feb 2005 20:05:42 +0200
Received: (from skyblue@localhost)
	by roadrunner.skyblue.gen.tr (8.13.3/8.13.3/Submit) id j1DI5fxT009630;
	Sun, 13 Feb 2005 20:05:41 +0200
Message-Id: <[🔎] 200502131805.j1DI5fxT009630@roadrunner.skyblue.gen.tr>
X-Authentication-Warning: roadrunner.skyblue.gen.tr: skyblue set sender to ealtin@casdb.com using -f
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Enver ALTIN <ealtin@skyblue.gen.tr>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: dpkg: postinst/postrm scripts don't work if /var is mounted with noexec
X-Mailer: reportbug 3.7.1
Date: Sun, 13 Feb 2005 20:05:41 +0200
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: dpkg
Version: 1.10.27
Severity: important


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Enver ALTIN <ealtin@casdb.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: dpkg: postinst/postrm scripts don't work if /var is mounted with
	noexec
Bcc: Enver ALTIN <ealtin@casdb.com>
X-Reportbug-Version: 3.7.1

Package: dpkg
Version: 1.10.27
Severity: important

For the security point of view, mounting /var and /tmp with noexec is usually believed to be a good idea, since this would protect the system from unauthorized execution of unknown applications. Unfortunately, when /var is mounted, postinst and postrm scripts don't seem to work.

Do you see an easy solution for this?

Thanks,

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages dpkg depends on:
ii  dselect                     1.10.27      a user tool to manage Debian packa
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an

-- no debconf information

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages dpkg depends on:
ii  dselect                     1.10.27      a user tool to manage Debian packa
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an

-- no debconf information

---------------------------------------
Received: (at 295106-done) by bugs.debian.org; 14 Feb 2005 09:16:11 +0000
>From scott@netsplit.com Mon Feb 14 01:16:11 2005
Return-path: <scott@netsplit.com>
Received: from populous.netsplit.com (mailgate.netsplit.com) [62.49.129.34] (qmailr)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1D0cKx-0001S0-00; Mon, 14 Feb 2005 01:16:11 -0800
Received: (qmail 10010 invoked from network); 14 Feb 2005 09:16:09 -0000
Received: from unknown (HELO ?192.168.1.45?) (scott@217.37.231.25)
  by populous.netsplit.com with SMTP; 14 Feb 2005 09:16:09 -0000
Subject: Re: Bug#295106: dpkg: postinst/postrm scripts don't work if /var
	is mounted with noexec
From: Scott James Remnant <scott@netsplit.com>
To: 295106-done@bugs.debian.org, Enver ALTIN <ealtin@skyblue.gen.tr>
In-Reply-To: <[🔎] 200502131805.j1DI5fxT009630@roadrunner.skyblue.gen.tr>
References: <[🔎] 200502131805.j1DI5fxT009630@roadrunner.skyblue.gen.tr>
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-gK9uxDJomZXuxLW9YXmQ"
Date: Mon, 14 Feb 2005 09:16:07 +0000
Message-Id: <1108372567.15564.6.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Evolution 2.1.5 
Delivered-To: 295106-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--=-gK9uxDJomZXuxLW9YXmQ
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sun, 2005-02-13 at 20:05 +0200, Enver ALTIN wrote:

>For the security point of view, mounting /var and /tmp with noexec is usua=
lly
>believed to be a good idea, since this would protect the system from unaut=
horized
>execution of unknown applications.
>=20
I don't really see why it's a good idea; if you can get write-permission
to the disk to place a binary in /var and make it +x you've got a bigger
problem.

Seems like an entirely pointless thing to do, to me.

>Unfortunately, when /var is mounted, postinst and postrm scripts don't see=
m to work.
>
Use an alternate admindir, dpkg --admindir=3D/usr/local/var/dpkg or
something.  You can put this in dpkg.cfg if you like.

Scott
--=20
Have you ever, ever felt like this?
Had strange things happen?  Are you going round the twist?

--=-gK9uxDJomZXuxLW9YXmQ
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQBCEGxWIexP3IStZ2wRAg+bAJ0dThIYEKLGSf8SScmKro6YBtGPQACghuAX
yd8vMa0fqAAvOLj3adU4iqA=
=WWpN
-----END PGP SIGNATURE-----

--=-gK9uxDJomZXuxLW9YXmQ--

Reply to:

References:
- Bug#295106: dpkg: postinst/postrm scripts don't work if /var is mounted with noexec
  - From: Enver ALTIN <ealtin@skyblue.gen.tr>

Prev by Date: Processed: Re: Bug#295169: dpkg: [S-S-D] start-stop-daemon doesn't set HOME enviroment variable when switching users via --chuid
Next by Date: Bug#295169: dpkg: [S-S-D] start-stop-daemon doesn't set HOME enviroment variable when switching users via --chuid
Previous by thread: Bug#295106: dpkg: postinst/postrm scripts don't work if /var is mounted with noexec
Next by thread: Bug#295169: dpkg: [S-S-D] start-stop-daemon doesn't set HOME enviroment variable when switching users via --chuid
Index(es):
- Date
- Thread