[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
@jblainemitre indeed - but presumably one can pick any directory? I'm assuming there's no particular requirement that the selected dir is world-writable like /tmp and /var/tmp (or at least there doesn't seem to be in my setup?)

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/90085

Title: When /tmp is mounted noexec, preconfigure fails

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/debconf/+bug/90085/+subscriptions
-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
On Ubuntu 18.04 with noexec on /tmp, running 'apt-get install -y selinux' and then doing a required reboot will give you a non-booting host.

As an aside, the same security guidance (CIS Benchmarks for one) about noexec on /tmp should be applied to /var/tmp, so changing APT::ExtractTemplates::TempDir to "/var/tmp"; isn't really an option here in the long run.
[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
My workaround uses a dedicated directory for apt that is noexec as well but temporarily becomes exec during installs:

/etc/fstab:

    tmpfs /tmp         tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777,size=512M 0 0
    tmpfs /var/tmp/apt tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777,size=512M 0 0

/etc/apt/apt.conf.d/71tmpapt (or whatever):

    DPkg {
      Pre-Invoke  { "mount /var/tmp/apt -o remount,exec"; };
      Post-Invoke { "mount /var/tmp/apt -o remount,noexec"; };
    };
    APT::ExtractTemplates::TempDir "/var/tmp/apt";

Since the mount point must(?) exist for any mount point specified in /etc/fstab, I put the apt dir into /var/tmp because its contents are persistent (unlike /tmp's).

It's not very thoroughly tested yet... ymmv.
[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
I found this discussion / bug thread while looking for a solution to an inability to install packages on a VPS in my Dreamhost account. Dreamhost has /tmp mounted with noexec and there's some kind of permission preventing me from remounting it to turn off noexec.

I don't know the ins and outs of whether it's a good idea or not to make /tmp noexec, whether it adds more security or not. Fact is that Dreamhost chose to set up their VPSs so /tmp is noexec and to prevent us from changing that setting. This same configuration choice already tripped me up yesterday while trying to install PECL packages ... and there's a workaround in PECL to configure a different tempdir.

Thankfully the configuration setting in #19 does the trick.
[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
> by invoking the executable with the help of the dynamic Linux loader.

Although you are right, in real world vulnerability exploitation you often don't control much of the environment, sometimes even the way an executable gets executed.

The reason most people mount tmp with noexec is that it is world writable. Thanks to that, even services with explicitly reduced rights can leverage the file system when remotely exploiting a vulnerability. By using noexec (and nodev, nosuid...) you add security. You don't make it impossible to exploit, you make it more difficult. Why do you think ASLR, DEP and many other protection techniques are still very much in use, while they are constantly circumvented? Difficulty of exploitation is one of the major points of risk management. With a bit of effort, you grow the resources needed to exploit a vulnerability, which in turn makes it less likely to be exploited.

While comment #19 already stated a valid workaround for this bug, it would really be a good sign if security aware parties would join the discussion... even after 8 years.
[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
> Please let the user decide if using a /tmp noexec mount point is more secure or not.

That doesn't even make sense. It's a fact that mounting /tmp with "noexec" doesn't give you any extra security simply because you can simply circumvent it by invoking the executable with the help of the dynamic Linux loader.

Anyone who wants to run an exploit can just run "lib64/ld-linux-x86-64.so.2 /tmp/bla" instead of just "/tmp/bla" and it will just work. For scripts, you just invoke them through their interpreter.

Adrian
[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
In shared hosting environments, even root may not have control over mount points, so "Don't do that" and "noexec is useless" are not useful replies.

    APT::ExtractTemplates::TempDir "/var/tmp";

is useful, however. Thank you, Hans.

(In my case, /var/tmp is also noexec, but I can set it to something else completely.)
[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
What exactly does ConfModule.pm do at the "preconfigure" stage, and why is running from /tmp necessary?
[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
Seconded. I've seen and been annoyed by the horkage. Ogres, onions, and security all have layers.
[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
Please let the user decide if using a /tmp noexec mount point is more secure or not. I think it is, for many reasons, and I'm a security analyst. Of course it can bring a false sense of security, like everything else, but do we give up firewalls, IDS and even passwords for the same reason? No security system is flawless -- but more security systems can increase the security anyway.

We could discuss that for weeks, but I think that debconf should at least read the TEMP or TEMPDIR environment variable and always use that directory for temporary files, no matter the reason.

If there already is a way to make debconf use another directory instead of /tmp, please let me know and close this bug report accordingly.
[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
** Changed in: debconf (Debian)
       Status: Unknown => Confirmed
[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
Precisely so: don't do that. It's not like noexec actually buys you any real security, as the system is riddled with workarounds for it (e.g. you can trivially execute a non-executable script in most scripting languages simply by explicitly using the interpreter name).

** Bug watch added: Debian Bug tracker #223683
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=223683

** Also affects: debconf (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=223683
   Importance: Unknown
       Status: Unknown

** Changed in: debconf (Ubuntu)
   Importance: Undecided => Wishlist
       Status: New => Triaged
[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
ConfModule.pm is part of debconf. However, I suspect that the debconf developers will say that running with /tmp noexec is not supported. I.e., Don't Do That Then.

** Changed in: debconf (Ubuntu)
Sourcepackagename: dpkg => debconf
[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
This has nothing to do with the mysql-dfsg-5.0 package. It may be an issue with dpkg.

** Changed in: dpkg (Ubuntu)
Sourcepackagename: mysql-dfsg-5.0 => dpkg
[Bug 90085] Re: When /tmp is mounted noexec, preconfigure fails
I'm not an expert, but I'd try adding these two lines to /etc/apt/apt.conf:

    DPkg::Pre-Invoke  {"mount -o remount,exec /tmp";};
    DPkg::Post-Invoke {"mount -o remount /tmp";};

This should remount /tmp as exec long enough to preconfigure packages with apt, then remount it as noexec again after installation finishes.

Alternately, I believe something like this would work as well in case you'd prefer to avoid remounting:

    APT::ExtractTemplates::TempDir "/var/tmp";

(In this case, /var/tmp would have to be mounted as exec though.)
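A preflight check for the failure mode discussed in this thread, added here as an example (not code from the thread, from debconf or from apt): it reads a mount table in /proc/mounts format and an apt.conf fragment, resolves the directory dpkg-preconfigure's template extraction will use (APT::ExtractTemplates::TempDir, as set in the workarounds above, defaulting to /tmp), and reports whether that directory sits on a noexec mount, which is what makes preconfigure fail. SAMPLE_MOUNTS, SAMPLE_CONF and the function names are constructed for the example; the parser assumes the one-line `Key "value";` form of the setting.

```shell
#!/bin/sh
# Added example, not from the bug thread: report whether the directory used for
# extracted debconf templates (APT::ExtractTemplates::TempDir, default /tmp) is on
# a noexec mount. Constructed inputs are used so this runs offline; on a live
# host pass "$(cat /proc/self/mounts)" and "$(cat /etc/apt/apt.conf.d/*)" instead.

# Constructed mount table in /proc/mounts format: /tmp noexec, /var/tmp/apt exec.
SAMPLE_MOUNTS='tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime,size=524288k 0 0
tmpfs /var/tmp/apt tmpfs rw,nosuid,nodev,relatime,size=524288k 0 0
/dev/sda1 / ext4 rw,relatime 0 0'
# Constructed apt.conf fragment, the same setting as the workaround in the thread.
SAMPLE_CONF='APT::ExtractTemplates::TempDir "/var/tmp/apt";'

# mount_opts_for DIR TABLE: print the options of the longest mount point that
# contains DIR (a parent mount's noexec applies to every directory under it).
mount_opts_for() {
  printf '%s\n' "$2" | awk -v dir="$1" '
    { mnt = $2; ok = (mnt == "/" || mnt == dir || index(dir, mnt "/") == 1)
      if (ok && length(mnt) > length(best)) { best = mnt; opts = $4 } }
    END { print opts }'
}

# is_noexec DIR TABLE: succeed when DIR is on a mount carrying the noexec flag.
is_noexec() {
  case ",$(mount_opts_for "$1" "$2")," in
    *,noexec,*) return 0 ;;
    *) return 1 ;;
  esac
}

# apt_templates_tempdir CONF: print the configured TempDir, or /tmp when unset.
# Assumption: only the one-line 'Key "value";' form is parsed; the last one wins.
apt_templates_tempdir() {
  dir=$(printf '%s\n' "$1" |
    sed -n 's/^[[:space:]]*APT::ExtractTemplates::TempDir[[:space:]]*"\([^"]*\)".*/\1/p' |
    tail -n 1)
  printf '%s\n' "${dir:-/tmp}"
}

# preconfigure_check CONF TABLE: return 0 if preconfigure can run, 1 if it will fail.
preconfigure_check() {
  dir=$(apt_templates_tempdir "$1")
  if is_noexec "$dir" "$2"; then
    printf 'FAIL: %s is on a noexec mount; dpkg-preconfigure will fail\n' "$dir"
    return 1
  fi
  printf 'OK: %s is on an exec-capable mount\n' "$dir"
}

preconfigure_check "" "$SAMPLE_MOUNTS" || true      # default /tmp: reports FAIL
preconfigure_check "$SAMPLE_CONF" "$SAMPLE_MOUNTS"  # redirected to /var/tmp/apt: OK
```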