I am struggling to see the vulnerability here still - the path used in this case is /tmp/ubuntu-drivers-common.config.55GJ8b appears to have a randomly generated suffix and so couldn't have been guessed beforehand nor preseeded with other contents by a local attacker - so the only way then that I can see that this could be a vulnerability would be if this file was world-writable - but it is not clear that this is the case either.
Assuming this file comes from debconf, from what I can see in its sources, it creates temporary files via the https://perldoc.perl.org/File::Temp package - which states that files are created with permissions 0600 by default too. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to perl in Ubuntu. https://bugs.launchpad.net/bugs/2043711 Title: Open3.pm tries to run code in /tmp when updating ubuntu-drivers-common Status in perl package in Ubuntu: Invalid Bug description: During update of ubuntu-drivers-common: Can't exec "/tmp/ubuntu-drivers-common.config.55GJ8b": Permission denied at /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm line 178, <GEN0> line 1. open2: exec of /tmp/ubuntu-drivers-common.config.55GJ8b configure 1:0.9.6.2~0.22.04.4 failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm line 59. Preconfiguring packages ... Can't exec "/tmp/ubuntu-drivers-common.config.uSPrCH": Permission denied at /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm line 178, <GEN0> line 1. open2: exec of /tmp/ubuntu-drivers-common.config.uSPrCH configure 1:0.9.6.2~0.22.04.4 failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm line 59. /tmp is mounted with noexec because running code from /tmp has been a vulnerability vector for several decades, hence reporting this as a vulnerability in perl-base. This error did not appear to prevent the update of ubuntu-drivers- common and "dpkg --verify ubuntu-drivers-common" returns 0. ___________________________________________________________________________________________________________ Attempting to use the package search on this form by clicking the 🔍 created a modal in which there is an error Sorry, something went wrong with your search. We've recorded what happened, and we'll fix it as soon as possible. (Error ID: OOPS-c80f71590b02908a1187b9f743c53eac) which is repeated with any attempt to search for a package. ___________________________________________________________________________________________________________ Submitting this form gives an error "perl-base" does not exist in Ubuntu. Please choose a different package. If you're unsure, please select "I don't know" $ dpkg -S /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm perl-base: /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm $ dpkg -l perl-base Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-==============-=================-============-=============================> ii perl-base 5.34.0-3ubuntu1.2 amd64 minimal Perl system Looks like a package to me. Nevertheless, using "Did you mean..." offers "perl". ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: perl-base 5.34.0-3ubuntu1.2 ProcVersionSignature: Ubuntu 6.5.0-1007.7-oem 6.5.3 Uname: Linux 6.5.0-1007-oem x86_64 ApportVersion: 2.20.11-0ubuntu82.5 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME Date: Thu Nov 16 10:08:48 2023 InstallationDate: Installed on 2016-04-23 (2763 days ago) InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1) ProcEnviron: TERM=rxvt PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: perl UpgradeStatus: Upgraded to jammy on 2022-08-19 (453 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2043711/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
