[Pkg-openldap-devel] Bug#887099: slapd: Cannot execute temporary slapd.conf file in NOEXEC /tmp directory
Peter Wolfe
egberts at yahoo.com
Sat Jan 13 20:05:21 UTC 2018
Package: slapd
Version: 2.4.44+dfsg-5+deb9u1
Severity: normal
Tags: d-i
Dear Maintainer,
Performed a basic install of openldap on Debian Stretch:
apt-get install openldap
And noticed a Debian installer-specific aberration where it tried
to execute a Perl script in my /tmp directory that has been mounted
with NOEXEC mount option resulting in an error as shown:
# apt install slapd ldap-utils ldapscripts
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libodbc1 pwgen sharutils
Suggested packages:
libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal nslcd
libmyodbc odbc-postgresql tdsodbc unixodbc-bin sharutils-doc bsd-mailx
| mailx
The following NEW packages will be installed:
ldap-utils ldapscripts libodbc1 pwgen sharutils slapd
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,166 kB of archives.
After this operation, 18.7 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://mirror.cogentco.com/debian stable/main amd64 libodbc1 amd64 2.3.4-1 [214 kB]
Get:2 http://mirror.cogentco.com/debian stable/main amd64 slapd amd64 2.4.44+dfsg-5+deb9u1 [1,428 kB]
Get:3 http://mirror.cogentco.com/debian stable/main amd64 ldap-utils amd64 2.4.44+dfsg-5+deb9u1 [192 kB]
Get:4 http://mirror.cogentco.com/debian stable/main amd64 ldapscripts all 2.0.7-2 [50.4 kB]
Get:5 http://mirror.cogentco.com/debian stable/main amd64 pwgen amd64 2.07-1.1+b1 [19.0 kB]
Get:6 http://mirror.cogentco.com/debian stable/main amd64 sharutils amd64 1:4.15.2-2 [263 kB]
Fetched 2,166 kB in 0s (4,216 kB/s)
Preconfiguring packages ...
Can't exec "/tmp/slapd.config.HQ22eT": Permission denied at /usr/share/perl/5.24/IPC/Open3.pm line 178.
open2: exec of /tmp/slapd.config.HQ22eT configure failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm line 59.
Selecting previously unselected package libodbc1:amd64.
(Reading database ... 254078 files and directories currently installed.)
Preparing to unpack .../0-libodbc1_2.3.4-1_amd64.deb ...
Unpacking libodbc1:amd64 (2.3.4-1) ...
Selecting previously unselected package slapd.
Preparing to unpack .../1-slapd_2.4.44+dfsg-5+deb9u1_amd64.deb ...
Unpacking slapd (2.4.44+dfsg-5+deb9u1) ...
Selecting previously unselected package ldap-utils.
Preparing to unpack .../2-ldap-utils_2.4.44+dfsg-5+deb9u1_amd64.deb ...
Unpacking ldap-utils (2.4.44+dfsg-5+deb9u1) ...
Selecting previously unselected package ldapscripts.
Preparing to unpack .../3-ldapscripts_2.0.7-2_all.deb ...
Unpacking ldapscripts (2.0.7-2) ...
Selecting previously unselected package pwgen.
Preparing to unpack .../4-pwgen_2.07-1.1+b1_amd64.deb ...
Unpacking pwgen (2.07-1.1+b1) ...
Selecting previously unselected package sharutils.
Preparing to unpack .../5-sharutils_1%3a4.15.2-2_amd64.deb ...
Unpacking sharutils (1:4.15.2-2) ...
Setting up libodbc1:amd64 (2.3.4-1) ...
Processing triggers for install-info (6.3.0.dfsg.1-1+b2) ...
Setting up sharutils (1:4.15.2-2) ...
Setting up ldap-utils (2.4.44+dfsg-5+deb9u1) ...
Processing triggers for libc-bin (2.24-11+deb9u1) ...
Processing triggers for systemd (232-25+deb9u1) ...
Setting up slapd (2.4.44+dfsg-5+deb9u1) ...
Creating new user openldap... done.
Creating initial configuration... done.
Creating LDAP directory... done.
insserv: script squid: service squid3 already provided!
Processing triggers for man-db (2.7.6.1-2) ...
Setting up pwgen (2.07-1.1+b1) ...
Setting up ldapscripts (2.0.7-2) ...
Processing triggers for libc-bin (2.24-11+deb9u1) ...
Processing triggers for systemd (232-25+deb9u1) ...
The outcome that I expected to see is the Perl scripts not being executed
directly as files, but being run as Perl scripts (i.e., perl <file-to-execute>)
-- System Information:
Debian Release: 9.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages slapd depends on:
ii adduser 3.115
ii coreutils 8.26-3
ii debconf [debconf-2.0] 1.5.61
ii libc6 2.24-11+deb9u1
ii libdb5.3 5.3.28-12+deb9u1
ii libgnutls30 3.5.8-5+deb9u3
ii libldap-2.4-2 2.4.44+dfsg-5+deb9u1
ii libltdl7 2.4.6-2
ii libodbc1 2.3.4-1
ii libperl5.24 [libmime-base64-perl] 5.24.1-3+deb9u2
ii libsasl2-2 2.1.27~101-g0780600+dfsg-3
ii libwrap0 7.6.q-26
ii lsb-base 9.20161125
ii perl 5.24.1-3+deb9u2
ii psmisc 22.21-2.1+b2
Versions of packages slapd recommends:
ii libsasl2-modules 2.1.27~101-g0780600+dfsg-3
Versions of packages slapd suggests:
ii ldap-utils 2.4.44+dfsg-5+deb9u1
pn libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi <none>
-- debconf information:
slapd/backend: MDB
slapd/purge_database: false
slapd/ppolicy_schema_needs_update: abort installation
slapd/dump_database_destdir: /var/backups/slapd-VERSION
shared/organization: leo
slapd/password_mismatch:
slapd/domain: leo
slapd/invalid_config: true
slapd/upgrade_slapcat_failure:
slapd/no_configuration: false
slapd/unsafe_selfwrite_acl:
slapd/move_old_database: true
slapd/dump_database: when needed
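
The "Permission denied" lines in the log above come from an exec of a file under a /tmp that is mounted noexec. As an added example (not part of the original report and not code from debconf or slapd), this shell script checks whether a directory sits on a noexec mount by matching it against a mount table in /proc/mounts format. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a directory is on a noexec mount.
# Limitation: mount points containing spaces appear escaped (\040) in
# /proc/mounts and are not unescaped here.

# Constructed sample mount table (not taken from the reporter's system).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime 0 0
/dev/sda3 /var ext4 rw,relatime 0 0'

# mount_opts_for DIR [MOUNTS_TEXT]
# Prints the options of the longest mount point that contains DIR.
# Without MOUNTS_TEXT the live /proc/mounts is read.
mount_opts_for() {
    dir=$1
    table=${2-$(cat /proc/mounts)}
    printf '%s\n' "$table" | awk -v dir="$dir" '
        {
            mp = $2
            # Compare with a trailing slash so /tmp does not match /tmpfoo.
            prefix = (mp == "/") ? "/" : (mp "/")
            if (index(dir "/", prefix) == 1 && length(mp) >= best) {
                best = length(mp)   # later entries win on ties (stacked mounts)
                opts = $4
            }
        }
        END { print opts }'
}

# is_noexec DIR [MOUNTS_TEXT]: exit status 0 if DIR is on a noexec mount.
is_noexec() {
    case ",$(mount_opts_for "$@")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# report_dir DIR [MOUNTS_TEXT]: one-line verdict for DIR.
report_dir() {
    if is_noexec "$@"; then echo "noexec: $1"; else echo "exec-ok: $1"; fi
}

report_dir /tmp "$SAMPLE_MOUNTS"
report_dir /var/tmp "$SAMPLE_MOUNTS"
```

Calling `report_dir /tmp` with no second argument checks the running system's own mount table.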