
update issue when /tmp is noexec



For some time now, in order to add a bit of security, I have made /tmp noexec. However, I noticed recently, looking at the messages scrolling up the screen, that some update configuration scripts were failing as they were trying to be executed in /tmp. After googling I found this article:

http://www.debian-administration.org/articles/57

Which said to fix this do the following:

Add the following to the file /etc/apt/apt.conf:

  DPkg::Pre-Invoke {"mount -o remount,exec /tmp";};
  DPkg::Post-Invoke {"mount -o remount /tmp";};

  This contains two lines, one running before any package installation and one afterwards. They merely execute the commands required to add and remove the execute permissions on the /tmp
 
Unfortunately this article was written in 2004, and it seems that there's no longer a file /etc/apt/apt.conf

How could I amend the configuration of apt to fix this?

Alternatively, as a workaround I thought of writing a script along the lines of:

  mount -o remount,exec /tmp
  aptitude update && aptitude safe-upgrade
  mount -o remount /tmp

If I run this script as root, instead of letting the update manager do the work, would it do the upgrade properly? (Running Lenny)

I also wonder whether the updates I have done which have not allowed scripts to run in /tmp have somehow compromised my system and if so would appreciate any advice as to how to correct this.
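
A hardened variant of the workaround script above, as an added example that is not part of the original post: it restores noexec explicitly, does so even if the upgrade fails or is interrupted, and verifies the result from the mount table. The function names, the MOUNTS variable and the --upgrade switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Must be run as root to remount.
# MOUNTS can be pointed at another file so the check can be tested offline.
MOUNTS="${MOUNTS:-/proc/mounts}"

# Exit 0 if the last mount entry for mount point $1 lists the exact option "noexec".
has_noexec() {
    awk -v mp="$1" '
        $2 == mp { opts = $4 }
        END {
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "noexec") exit 0
            exit 1
        }' "$MOUNTS"
}

# Put noexec back and confirm the kernel's mount table agrees.
restore_noexec() {
    mount -o remount,noexec /tmp
    has_noexec /tmp || { echo "WARNING: /tmp is still mounted exec" >&2; return 1; }
}

upgrade_with_exec_tmp() {
    has_noexec /tmp || { echo "/tmp is not noexec; nothing to toggle" >&2; return 1; }
    # Restore on any exit path, including Ctrl-C during the upgrade.
    trap 'restore_noexec' EXIT
    trap 'exit 130' INT TERM
    mount -o remount,exec /tmp || return 1
    aptitude update && aptitude safe-upgrade
    status=$?
    trap - EXIT INT TERM
    restore_noexec || return 1
    return "$status"
}

# Only act when asked to, so sourcing this file has no side effects.
if [ "${1:-}" = "--upgrade" ]; then
    upgrade_with_exec_tmp
fi
```
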

