
Re: Package configuration with /tmp mounted noexec



On Tue, Oct 23, 2001 at 02:37:23PM +1000, Andrew Pollock wrote:
> I've got /tmp mounted rw,noexec,nosuid,nodev because I think I read
> somewhere that that was a good way to go security-wise.
> 
> It seems that some package related configuration stuff writes
> temporary scripts into /tmp, which then don't run because /tmp's
> mounted noexec

There's already been a bug filed about this and bounced around a few
places (eventually ending up with debconf), so if you're running
unstable then with any luck you should find that it's fixed soon.

> Should perhaps such scripts be placed elsewhere? /var/tmp? Is mounting
> /tmp noexec a bit pointless?

noexec is really just a sanity check anyway as far as interpreted
scripts are concerned. (Compare '/tmp/foo' with 'perl /tmp/foo'.) nodev
and nosuid are more useful.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
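
An added example, not part of the original message: a small POSIX shell check that reports which of the three options discussed in this thread (noexec, nosuid, nodev) are missing for a mount point, reading a mount table in /proc/mounts format. The function name `missing_opts` and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Report which hardening mount options are missing for a mount point.
# Input: a mount table in /proc/mounts format on stdin.
# Usage on a live system: missing_opts /tmp < /proc/mounts
missing_opts() {
    target=$1
    # Keep the options of the last matching line: a later mount on the
    # same path shadows an earlier one.
    opts=$(awk -v t="$target" '$2 == t { o = $4 } END { print o }')
    if [ -z "$opts" ]; then
        # The path is not a separate filesystem, so it inherits the
        # options of whatever filesystem contains it.
        echo "not-a-mountpoint"
        return 0
    fi
    missing=""
    for want in noexec nosuid nodev; do
        # Wrap in commas so "nodev" cannot match inside another option name.
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    echo "${missing:-none}"
}

# Constructed sample mount table (hypothetical devices, not from the post).
SAMPLE='/dev/hda1 / ext2 rw 0 0
/dev/hda5 /tmp ext2 rw,noexec,nosuid,nodev 0 0
/dev/hda6 /var/tmp ext2 rw,nosuid 0 0'

for mp in /tmp /var/tmp /home; do
    result=$(printf '%s\n' "$SAMPLE" | missing_opts "$mp")
    printf '%s: missing %s\n' "$mp" "$result"
done
```

A report of "none" for noexec only says the kernel will refuse to execute files directly from that filesystem; as the message above notes, a script there can still be passed as an argument to an interpreter.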


