This bug was fixed in the package debconf - 1.5.82
---
debconf (1.5.82) unstable; urgency=medium
  * Bump debhelper from old 12 to 13.
  * Don't remove /var/cache/debconf/tmp.ci, to avoid warnings if it's a
    mountpoint (closes: #1028128).
 -- Colin Watson Sun, 08 Jan 2023
** Changed in: debconf (Debian)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to debconf in Ubuntu.
https://bugs.launchpad.net/bugs/90085
Title:
When /tmp is mounted noexec,
** Changed in: debconf (Debian)
Status: Confirmed => Fix Committed
--
@jblainemitre indeed - but presumably one can pick any directory? I'm
assuming there's no particular requirement that the selected dir is
world-writeable like /tmp and /var/tmp (or at least there doesn't seem
to be in my setup?)
--
On Ubuntu 18.04 with noexec on /tmp running 'apt-get install -y selinux'
and then doing a required reboot will give you a non-booting host.
As an aside, the same security guidance (CIS Benchmarks for one) about
noexec on /tmp should be applied to /var/tmp, so changing
My workaround uses a dedicated directory for apt that is noexec as well
but becomes temporarily during installs:
/etc/fstab:
tmpfs /tmp tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777,size=512M 0 0
tmpfs /var/tmp/apt tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777,size=512M 0 0
I found this discussion / bug thread while looking for a solution to an
inability to install packages on a VPS in my Dreamhost account.
Dreamhost has /tmp mounted with noexec and there's some kind of
permission preventing me from remounting it to turn off noexec.
I don't know the ins and outs of
by invoking the executable with the help of the dynamic Linux loader.
Although you are right, in real world vulnerability exploitation you
often don't control much of the environment, sometimes even the way an
executable gets executed.
The reason most people mount tmp with noexec is that it is
Please let the user decide if using a /tmp noexec mount point is more
secure or not.
That doesn't even make sense. It's a fact that mounting /tmp with
noexec doesn't give you any extra security simply because you can
simply circumvent it by invoking the executable with the help of the
dynamic