Re: apt-get and mounting /tmp with noexec option
On Wed, Jan 14, 2004 at 03:53:35AM +0100, Arnoud Warmerdam wrote:
> Hi,
>
> I have mounted my /tmp directory (which has it's own partition) with the
> noexec option. The reason i did this, was that a poorly written cgi-script
> caused a binary to be downloaded and executed in /tmp. Luckily, the
> firewall prevented it from doing any harm, but i wanted to prevent this
> from happening again. In the future i plan to place apache in a chroot
> jail, but in the meantime this seemed like a good thing to do. Here is the
> line from my /etc/fstab:
>
> /dev/sda9 /tmp ext2 noexec,nosuid,rw 0 2
>
-snip-
>
> Is it considered bad practice to mount /tmp with the noexec option? If not,
> is there a way to tell apt to use another directory?
>
>
> - Arnoud Warmerdam
I got tmp mounted noexec too.
/etc/apt/apt.conf.d/70debconf:
// Pre-configure all packages with debconf before they are installed.
// If you don't like it, comment it out.
#DPkg::Pre-Install-Pkgs {"/usr/sbin/dpkg-preconfigure --apt || true";};
As you see, i dont like it.
--
Frode Haugsgjerd
Norway
Reply to: