[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#481295: Preconfiguring of openssh-servers fails due to mount option "noexec" on /tmp

reassign 481295 debconf
forcemerge 223683 481295

On Thu, May 15, 2008 at 08:05:44AM +0200, Meinhard Schneider wrote:
> Package: openssh-server
> Version: 1:4.3p2-9etch1
> Severity: important
> Just updated openssh-* and got this message:
> [...]
> Preconfiguring packages ...
> Can't exec "/tmp/openssh-server.config.35001": Permission denied at /usr/share/perl/5.8/IPC/Open3.pm line 168.
> open2: exec of /tmp/openssh-server.config.35001 configure 1:4.3p2-9 failed at /usr/share/perl5/Debconf/ConfModule.pm line 58
> openssh-server failed to preconfigure, with exit status 9
> [...]

This is a well-known and long-standing behaviour of debconf, and not
anything that openssh itself is doing specially. Note that the noexec
option is fairly useless for security purposes (except to slow people
down a little bit) as you could in principle just run the script
manually through an appropriate interpreter.

> I believe it is legal to mount /tmp without binary exec support for
> security improvement. Executing scripts from /tmp is IMHO a very bad
> idea.

If you want to do this, you need to remount it exec while installing
Debian packages.


Colin Watson                                       [cjwatson@debian.org]

Reply to: