touch-packages team mailing list archive

Thread
Date

[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: John Paul Adrian Glaubitz <glaubitz@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 03 Jan 2015 13:09:28 -0000
Reply-to: Bug 90085 <90085@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

> Please let the user decide if using a /tmp noexec mount point is more
secure or not.

That doesn't even make sense. It's a fact that mounting /tmp with
"noexec" doesn't give you any extra security simply because you can
simply circumvent it by invoking the executable with the help of the
dynamic Linux loader.

Anyone who wants to run an exploit can just run "lib64/ld-
linux-x86-64.so.2 /tmp/bla" instead of just "/tmp/bla" and it will just
work. For scripts, you just invoke them through their interpreter.

Adrian

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to debconf in Ubuntu.
https://bugs.launchpad.net/bugs/90085

Title:
  When /tmp is mounted noexec, preconfigure fails

Status in debconf package in Ubuntu:
  Triaged
Status in debconf package in Debian:
  Confirmed

Bug description:
  Binary package hint: mysql-server

  
  /tmp mounted noexec, this ensues:

  
  Preconfiguring packages ...
  Can't exec "/tmp/mysql-server-5.0.config.89611": Permission denied at /usr/share/perl/5.8/IPC/Open3.pm line 168.
  open2: exec of /tmp/mysql-server-5.0.config.89611 configure  failed at /usr/share/perl5/Debconf/ConfModule.pm line 57
  mysql-server-5.0 failed to preconfigure, with exit status 2

  ace

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/debconf/+bug/90085/+subscriptions