[Debconf-devel] Bug#774451: sane-utils: preconfigure of package sane-utils fails when /tmp is mounted noexec

pada pada at posteo.de
Sat Jan 3 23:41:03 UTC 2015


John Paul Adrian Glaubitz wrote:
> On 01/03/2015 01:56 PM, John Paul Adrian Glaubitz wrote:
> > I rather tend to mark this as "wontfix" as it is pretty much inevitable
> > to run scripts when installing or removing packages. sane-utils is
> > certainly not the only package affected.
> 
> Add to that that mounting /tmp "noexec" doesn't really gain you any
> extra security as any attacker could just run a malicious binary
> in /tmp by invoking the Linux loader with "/lib64/ld-linux-x86-64.so.2
> /tmp/bla" or with the help of the interpreter in the case of scripts.

You're absolutely right.

> Also, this would be rather a bug in debconf than in sane-utils,
> re-assigning and merging therefore as this bug has already
> been reported multiple times.

I have verified the following as a valid workaround, thanks:

cat > /etc/apt/apt.conf.d/00remount-tmp <<EOF
DPkg {
  Pre-Invoke {
    "mount -o remount,exec /tmp";
  }
  Post-Invoke {
    "mount -o remount /tmp";
  }
}
EOF

The security issue with /tmp, tmpfs etc. is that they are
accessible by unprivileged users, and there is a timespan when
exec is enabled while dpkg is running.

A more permanent solution would be to have a separate TMPDIR
for apt/debconf/dpkg which is only accessible by the user
running dpkg and requires the exec flag enabled.
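
One way to set up the dedicated directory suggested above, as an added example that is not part of the original message: it uses apt's APT::ExtractTemplates::TempDir option, which sets where apt-extracttemplates unpacks debconf config scripts. The directory /var/lib/dpkg-tmp, the file name 00private-tmpdir and the three function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Hypothetical names: /var/lib/dpkg-tmp, 00private-tmpdir.
# Uses GNU stat (-c), as shipped on Debian.

# Create a root-only scratch directory and point apt-extracttemplates at it.
# $1 is an optional prefix for dry runs; pass "" on a real system (as root).
setup_private_tmpdir() {
    root="$1"
    dir="$root/var/lib/dpkg-tmp"
    conf="$root/etc/apt/apt.conf.d/00private-tmpdir"
    mkdir -p "$root/var/lib" "$root/etc/apt/apt.conf.d" || return 1
    [ -d "$dir" ] || mkdir -m 700 "$dir" || return 1
    chmod 700 "$dir" || return 1
    # debconf config scripts are unpacked to, and executed from, this path
    printf 'APT::ExtractTemplates::TempDir "%s";\n' /var/lib/dpkg-tmp > "$conf"
}

# Succeeds only if $1 is a real directory (not a symlink), owned by the
# calling user, with no group or other permission bits.
is_private_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "$(id -u)" ] || return 1
    [ "$(stat -c '%a' "$1")" = "700" ]
}

# Functional probe: on a noexec mount, direct execution fails (EACCES).
allows_exec() {
    probe="$1/.exec-probe.$$"
    printf '#!/bin/sh\nexit 0\n' > "$probe" || return 1
    chmod 700 "$probe"
    if "$probe" 2>/dev/null; then rc=0; else rc=1; fi
    rm -f "$probe"
    return "$rc"
}

# Usage on a real system, as root:
#   setup_private_tmpdir "" && is_private_dir /var/lib/dpkg-tmp \
#       && allows_exec /var/lib/dpkg-tmp
```

With this in place /tmp can stay noexec for the whole dpkg run, so the remount window of the Pre-Invoke/Post-Invoke workaround does not occur.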


