
Re: Potential bug in dpkg when using pre-depends?



Hi,

the bug you pointed out is not really the main issue I am having. This issue with noexec on temp just flashed the real issue.

As someone there said:
Just to make life a little bit more difficult for canned exploits on a
web server, I've tried to eliminate directories where daemon users have
both write and exec ability. In particular, /tmp is mounted noexec.

That, however, makes preconfiguring packages unhappy:

Preconfiguring packages ...
Can't exec "/tmp/libc6.config.32281": Permission denied at /usr/share/perl/5.8/IPC/Open3.pm line 168.
open2: exec of /tmp/libc6.config.32281 configure 2.7-6 failed at /usr/share/perl5/Debconf/ConfModule.pm line 59
libc6 failed to preconfigure, with exit status 9

To debconf's credit, it survives and configures later, so it's mostly
just ugly.

The real problem is that debconf behaves differently when it needs to install pre-depends packages, and the outcome is wrong when /tmp is executable,
but it behaves as expected, at least from what it says in the documentation (pre-depends packages have to be fully installed, including the execution of postinst scripts), when
'noexec' is applied on /tmp. Debconf survives the errors and has a fallback to continue configuring the packages, and this fallback is actually doing what is expected.
Is there an option to configure debconf to always do this kind of fallback?


On Mon, Jul 25, 2016 at 10:22 PM, Sven Joachim <svenjoac@gmx.de> wrote:
On 2016-07-25 20:05 +0300, Dani Galmanovich wrote:

> Hi everybody,
>
> I have encountered a strange behavior when combining apt-get and
> pre-depends rules in the control file. The story is as follows:
>
> I have a package, let's call it 'main package', with the following rules in
> the control file:
> pre-depends on package 'A' and depends on package 'B'
>
> I have noticed that dpkg creates temp files of the .config files under /tmp
> folder and tries to execute them (I assume that this is done for some kind
> of caching?)

To the best of my knowledge dpkg does not do that, rather you seem to
have stumbled over a well known problem in debconf.  See bug #223683[1]
and siblings.

Cheers,
       Sven


1. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=223683
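
An added example, not part of the original messages and not code from debconf, apt or dpkg: a shell check for whether a directory sits on a filesystem mounted noexec, which is the condition behind the "Permission denied" preconfigure output quoted above. The function names and the sample mounts table are constructed for illustration; by default the functions read /proc/mounts.

```bash
#!/usr/bin/env bash
# Added example: is a directory on a noexec mount? Input is a mounts table in
# /proc/mounts format (device, mount point, fstype, options, ...).

# Print the mount options of the filesystem that holds PATH.
mount_opts_for() {
    local path="${1%/}" table="${2:-/proc/mounts}"
    local dev mnt fstype opts rest best="" best_opts=""
    [ -n "$path" ] || path=/
    while read -r dev mnt fstype opts rest; do
        case "$path/" in
            "${mnt%/}/"*)
                # Longest mount point wins; on a tie the later (stacked) entry wins.
                if [ "${#mnt}" -ge "${#best}" ]; then
                    best="$mnt"; best_opts="$opts"
                fi ;;
        esac
    done < "$table"
    printf '%s\n' "$best_opts"
}

# Succeed (exit 0) when PATH lives on a filesystem mounted noexec.
is_noexec() {
    case ",$(mount_opts_for "$@")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample table (not taken from the thread): /tmp hardened, /var not.
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 /var ext4 rw,relatime 0 0
EOF

for dir in /tmp /var/tmp; do
    if is_noexec "$dir" "$SAMPLE_MOUNTS"; then
        echo "$dir: noexec, scripts written here cannot be executed"
    else
        echo "$dir: exec allowed"
    fi
done
```

Run against the live table with `is_noexec /tmp`; mount points containing spaces (escaped as `\040` in /proc/mounts) are not handled.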

