
Re: apt-get and mounting /tmp with noexec option



On Wed, Jan 14, 2004 at 03:53:35AM +0100, Arnoud Warmerdam wrote:
> Hi,
> 
> I have mounted my /tmp directory (which has its own partition) with the 
> noexec option. The reason I did this was that a poorly written cgi-script 
> caused a binary to be downloaded and executed in /tmp. Luckily, the 
> firewall prevented it from doing any harm, but I wanted to prevent this 
> from happening again. In the future I plan to place Apache in a chroot 
> jail, but in the meantime this seemed like a good thing to do. Here is the 
> line from my /etc/fstab:
> 
> /dev/sda9	/tmp	ext2	noexec,nosuid,rw	0	2
> 

-snip-

> 
> Is it considered bad practice to mount /tmp with the noexec option? If not, 
> is there a way to tell apt to use another directory?
> 
> 
> - Arnoud Warmerdam

I got tmp mounted noexec too.

/etc/apt/apt.conf.d/70debconf:
// Pre-configure all packages with debconf before they are installed.
// If you don't like it, comment it out.
#DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt || true";};

As you see, I don't like it.
--
Frode Haugsgjerd
Norway
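
The combination this thread is about (/tmp mounted noexec while the dpkg-preconfigure hook in 70debconf is still active) can be checked mechanically. The script below is an added example, not part of either message: the function names are hypothetical, and the sample fstab and apt.conf text is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example: flags a host where /tmp is noexec but apt still runs
# dpkg-preconfigure before installs. Function names are hypothetical.

# Print the options field for mount point $1 from fstab-format text on stdin.
fstab_opts() {
    awk -v mp="$1" '$1 !~ /^#/ && $2 == mp { print $4; exit }'
}

# Succeed if the comma-separated option list $1 contains the option $2.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# Succeed if apt.conf text on stdin has an active DPkg::Pre-Install-Pkgs
# line calling dpkg-preconfigure. Lines starting with // or # count as
# commented out, which is how the reply above disables the hook.
preconfigure_active() {
    grep -v -E '^[[:space:]]*(//|#)' | grep -q 'Pre-Install-Pkgs.*dpkg-preconfigure'
}

# audit FSTAB_TEXT APTCONF_TEXT
# Prints one of: tmp-exec-allowed, conflict, hook-disabled
audit() {
    opts=$(printf '%s\n' "$1" | fstab_opts /tmp)
    if ! has_opt "$opts" noexec; then
        echo "tmp-exec-allowed"
        return
    fi
    if printf '%s\n' "$2" | preconfigure_active; then
        echo "conflict"
    else
        echo "hook-disabled"
    fi
}

# Constructed sample input based on the lines quoted in this thread.
FSTAB_SAMPLE='/dev/sda9 /tmp ext2 noexec,nosuid,rw 0 2'
APTCONF_ACTIVE='// Pre-configure all packages with debconf before they are installed.
DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt || true";};'
APTCONF_DISABLED='// Pre-configure all packages with debconf before they are installed.
#DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt || true";};'

audit "$FSTAB_SAMPLE" "$APTCONF_ACTIVE"
audit "$FSTAB_SAMPLE" "$APTCONF_DISABLED"
```

On a real system, feed `audit` the contents of /etc/fstab and /etc/apt/apt.conf.d/70debconf instead of the sample strings.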


