Bug#481295: Preconfiguring of openssh-servers fails due to mount option "noexec" on /tmp
reassign 481295 debconf
forcemerge 223683 481295
On Thu, May 15, 2008 at 08:05:44AM +0200, Meinhard Schneider wrote:
> Package: openssh-server
> Version: 1:4.3p2-9etch1
> Severity: important
> Just updated openssh-* and got this message:
> Preconfiguring packages ...
> Can't exec "/tmp/openssh-server.config.35001": Permission denied at /usr/share/perl/5.8/IPC/Open3.pm line 168.
> open2: exec of /tmp/openssh-server.config.35001 configure 1:4.3p2-9 failed at /usr/share/perl5/Debconf/ConfModule.pm line 58
> openssh-server failed to preconfigure, with exit status 9
This is a well-known and long-standing behaviour of debconf, and not
anything that openssh itself is doing specially. Note that the noexec
option is fairly useless for security purposes (except to slow people
down a little bit) as you could in principle just run the script
manually through an appropriate interpreter.
> I believe it is legal to mount /tmp without binary exec support for
> security improvement. Executing scripts from /tmp is IMHO a very bad
If you want to do this, you need to remount it exec while installing
Colin Watson [email@example.com]