Bug#546911: apt-extracttemplates should extract to /var/lib/apt/tmp and not /tmp so that /tmp can be mounted noexec
Package: apt
Version: 0.7.23.1
Severity: normal
Hi,
Some administrators like to mount /tmp and /var/tmp with the noexec
option. That makes it harder for people to download and execute
malware when they manage to execute commands through a web application
vulnerability for example.
However those admins always have to change APT::ExtractTemplates::TempDir
to point it to another directory because the config scripts that are
extracted with apt-extracttemplates have to be executed...
It would thus be nice to change the default directory in favor of
a private temporary directory so that this step is no more required.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.30-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages apt depends on:
ii debian-archive-keyring 2009.01.31 GnuPG archive keys of the Debian a
ii libc6 2.9-26 GNU C Library: Shared libraries
ii libgcc1 1:4.4.1-4 GCC support library
ii libstdc++6 4.4.1-4 The GNU Standard C++ Library v3
apt recommends no packages.
Versions of packages apt suggests:
pn apt-doc <none> (no description available)
ii aptitude 0.4.11.11-1+b2 terminal-based package manager
ii bzip2 1.0.5-3 high-quality block-sorting file co
ii dpkg-dev 1.15.4 Debian package development tools
ii python-apt 0.7.13.2 Python interface to libapt-pkg
ii synaptic 0.62.9 Graphical package manager
ii xz-utils [lzma] 4.999.8beta-1 high compression-ratio compressor
-- no debconf information
Reply to: