
Re: execute permissions in /tmp



On Sat, Jul 12, 2003 at 10:37:24PM -0400, Jim Popovitch wrote:
> Well now, that is interesting.  You are absolutely correct about the sticky
> bit.  It is the noexec flag that this is happening with, and I agree that it
> alone is not a total security solution.  However, it is a piece of a much
> bigger pie and really should be enforced.

 You should be able to tell apt to  mount /tmp -o remount,exec  before
running dpkg, and to remount,noexec again afterwards.  See apt.conf, and look
for the Pre-Invoke and Post-Invoke options.  See this thread (for having a
read-only /usr, which entails some complications that a noexec /tmp
wouldn't) for clues:
http://lists.debian.org/debian-devel/2001/debian-devel-200111/msg00212.html 

 Happy hacking,

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug.n , s.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC
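
The Pre-Invoke/Post-Invoke approach described in the message above, as an added example that is not part of the original post: it writes the two apt hooks and provides a check that /tmp is noexec again after an apt run. The hook file name and the function names are assumptions, and /tmp is assumed to be its own mount point, since a remount only works on an existing mount.

```shell
#!/bin/sh
# Added example: HOOK_FILE, write_hooks, mount_opts and is_noexec are
# constructed names for illustration. Assumes /tmp is a separate mount
# point, because "mount -o remount" needs an existing mount to act on.

HOOK_FILE="${HOOK_FILE:-/etc/apt/apt.conf.d/50remount-tmp}"  # assumed file name

# Write the apt hooks: make /tmp executable while dpkg runs, then
# switch it back to noexec once dpkg has finished.
write_hooks() {
    cat > "${1:-$HOOK_FILE}" <<'EOF'
DPkg::Pre-Invoke  { "mount -o remount,exec /tmp"; };
DPkg::Post-Invoke { "mount -o remount,noexec /tmp"; };
EOF
}

# Print the option string for mount point $1 from a mounts table
# ($2, default /proc/mounts). The last matching entry wins, which is
# the one in effect when mounts are stacked on the same directory.
mount_opts() {
    awk -v mp="$1" '$2 == mp { opts = $4 } END { print opts }' "${2:-/proc/mounts}"
}

# Succeed only if mount point $1 currently carries the noexec option.
is_noexec() {
    case ",$(mount_opts "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Usage (as root):
#   write_hooks
#   apt-get upgrade
#   is_noexec /tmp || echo "WARNING: /tmp is still mounted exec" >&2
```

Running is_noexec /tmp after every apt run catches the case where the second remount did not take effect and /tmp was left executable.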
