This system has remained substantially vanilla since the original
install - 18.04 if I remember correctly - with only LTS upgrades and I
have certainly made no local changes to the packaging tools.
$ which apt-extracttemplates
/usr/bin/apt-extracttemplates
$ debsums -s apt-utils
$
That is to say
$ readlink -f /var/cache/debconf/tmp.ci
/var/cache/debconf/tmp.ci
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to debconf in Ubuntu.
https://bugs.launchpad.net/bugs/2043711
Title:
Open3.pm tries to run code in /tmp when
Attributing the bug to debconf and setting status to New following
advice while (mis)attributed to perl.
** Package changed: perl (Ubuntu) => debconf (Ubuntu)
** Changed in: debconf (Ubuntu)
Status: Invalid => New
--
You received this bug notification because you are a member of Ubuntu
Caught the error again, again while running in Software Updater, but I
captured the output from the beginning. There were only four related
packages being updated.
Preconfiguring packages ...
Can't exec "/tmp/cryptsetup-initramfs.config.UaZ02N": Permission denied at
I will attempt to capture more details when I next observe the error so
that the correct package can be identified for this report.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to perl in Ubuntu.
You are of course quite right that the risk associated with a file
created with a "random" six character case-insensitive alphanumeric
suffix and run a moment later is far smaller than more obviously risky
misuses of /tmp. Nevertheless the issue is not about evaluating the risk
of an adversary
@vorlon, Thank you for your considered response. I concur that this is
not a vulnerability in the Ubuntu perl package.
While I do not disagree with any of the points you make, the fact
remains that processes running as root created a file directly in /tmp
not using a safe *mktemp* process and
7 matches
Mail list logo
