Bug#481295: marked as done (Preconfiguring of openssh-servers fails due to mount option "noexec" on /tmp)

Debian Bug Tracking System Sun, 01 Jan 2023 12:57:23 -0800

Your message dated Sun, 01 Jan 2023 20:52:56 +0000
with message-id <e1pc5kc-005agj...@fasolo.debian.org>
and subject line Bug#223683: fixed in debconf 1.5.81
has caused the Debian Bug report #223683,
regarding Preconfiguring of openssh-servers fails due to mount option "noexec" 
on /tmp
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
223683: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=223683
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: openssh-server
Version: 1:4.3p2-9etch1
Severity: important

Just updated openssh-* and got this message:
[...]
Preconfiguring packages ...
Can't exec "/tmp/openssh-server.config.35001": Permission denied at 
/usr/share/perl/5.8/IPC/Open3.pm line 168.
open2: exec of /tmp/openssh-server.config.35001 configure 1:4.3p2-9 failed at 
/usr/share/perl5/Debconf/ConfModule.pm line 58
openssh-server failed to preconfigure, with exit status 9
[...]

This error comes due to mount options for /tmp:
/dev/md1 on / type ext3 (rw,errors=remount-ro)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
/dev/mapper/vg00-home_lv on /home type ext3 
(rw,nosuid,nodev,acl,usrquota,grpquota)
/dev/mapper/vg00-tmp_lv on /tmp type ext3 (rw,noexec,nosuid,nodev)
/dev/mapper/vg00-usr_lv on /usr type ext3 (rw,nodev)
/dev/mapper/vg00-var_lv on /var type ext3 (rw,nosuid,nodev)
/dev/mapper/vg00-varlog_lv on /var/log type ext3 (rw,noexec,nosuid,nodev)
/dev/mapper/vg00-varspoolsquid_lv on /var/spool/squid type ext3 
(rw,noexec,nosuid,nodev)
/dev/mapper/vg00-vartmp_lv on /var/tmp type ext3 (rw,noexec,nosuid,nodev)


I believe it is legal to mount /tmp without binary exec support for
security improvement. Executing scripts from /tmp is IMHO a very bad
idea.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.24.3
Locale: LANG=C, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)

Versions of packages openssh-server depends on:
ii  add 3.102                                Add and remove users and groups
ii  deb 1.5.11etch1                          Debian configuration management sy
ii  dpk 1.13.25                              package maintenance system for Deb
ii  lib 2.3.6.ds1-13etch5                    GNU C Library: Shared libraries
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii  lib 1.4.4-7etch5                         MIT Kerberos runtime libraries
ii  lib 0.79-5                               Pluggable Authentication Modules f
ii  lib 0.79-5                               Runtime support for the PAM librar
ii  lib 0.79-5                               Pluggable Authentication Modules l
ii  lib 1.32-3                               SELinux shared libraries
ii  lib 0.9.8c-4etch3                        SSL shared libraries
ii  lib 7.6.dbs-13                           Wietse Venema's TCP wrappers libra
ii  ope 0.1.1                                list of blacklisted OpenSSH RSA an
ii  ope 1:4.3p2-9etch1                       Secure shell client, an rlogin/rsh
ii  zli 1:1.2.3-13                           compression library - runtime

openssh-server recommends no packages.

-- debconf information excluded

--- End Message ---

--- Begin Message ---

Source: debconf
Source-Version: 1.5.81
Done: Colin Watson <cjwat...@debian.org>

We believe that the bug you reported is fixed in the latest version of
debconf, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 223...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwat...@debian.org> (supplier of updated debconf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 01 Jan 2023 20:27:59 +0000
Source: debconf
Architecture: source
Version: 1.5.81
Distribution: unstable
Urgency: medium
Maintainer: Debconf Developers <debconf-de...@lists.alioth.debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Closes: 223683 369953 657626 737392 929417 968814
Changes:
 debconf (1.5.81) unstable; urgency=medium
 .
   [ martin f krafft ]
   * confmodule: Allow use from scripts with "set -u" (closes: #369953).
 .
   [ Colin Watson ]
   * dpkg-preconfigure: Extract into /var/cache/debconf/tmp.ci, to avoid
     problems if /tmp is mounted noexec (closes: #223683, LP: #90085).
   * dpkg-reconfigure: Document --terse (closes: #737392).
 .
   [ Jakub Wilk ]
   * debconf-get-selections: Sort output by question name (closes: #968814).
 .
   [ Matthijs Kooijman ]
   * Display unsupported commands in debug logging (closes: #657626).
 .
   [ Anders Kaseorg ]
   * Make Readline frontend check that stdin is a tty (closes: #929417).
Checksums-Sha1:
 c000c0e486d97966b25b0b480e1e9188e7cd4708 2035 debconf_1.5.81.dsc
 6d99811bffe858a9e91dbf2786cf1a5760c32a77 571648 debconf_1.5.81.tar.xz
Checksums-Sha256:
 df592dedb028c311bd18082b9b1b28735a1653b41fd30ced5977bc1fb697351f 2035 
debconf_1.5.81.dsc
 3cc3bbc431ed2dbba8a084cea244af6e32299699477f09a5fbd380c0e1572183 571648 
debconf_1.5.81.tar.xz
Files:
 0944adb1f495f9c3c9b9540faeeeb8cc 2035 admin optional debconf_1.5.81.dsc
 88e44c1a9b88312b632193da05c4b5fc 571648 admin optional debconf_1.5.81.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmOx7PAACgkQOTWH2X2G
UAuqbg/7Blz5ylZizwY1cnygEcKYQPzmBggSvvhIyBkEPv/w0ZsWSvadnaYjdpOk
DRCnUfQdJmidDB8LOmHwFl7/cZyXTvcw58gmzQoorwRonPGnXmZWzudEUa+3pCEi
xchOQONTD8KCoSccw2YG2UeixAeIrDXVlOMvlWjeFZAl3lBeXcUiCyjiV4q7cW28
zfgU6EhAVV+NxoQd5yMAPWnsGV/x4DGlrAY1AfSUj17Fij+i6/OB0LWKuuIuAMPu
LIPOPvUAC+EK0d08xW4Hyr5ey5Z5Ew8sqC5ch75Wy1xBCn992PuY1Dh0YSi0DWs2
OjmdICAV3ZFsAntYvsG41XdgffVAu/V1KJ1wMwlscHXbZ0JSaWg2KlOFxXztTdSw
ND8Bjtmxzda+f93gUntT3E7A8/LvLdLZCDgcfM1qhOuyQroMB+2fBHZ/b1US4Y1E
t0IjCx1QhiRVM/4T0TMkdeYTTWupWAW1iot1jTqV0/tHQ4GVU+Asur1nuOhlICMM
RqG15yLpgBpel74aP2mSjNbhHMBqvvZShB9fy8PJNvDIIFJ/7CPwB4vTHYBgt7R+
s3fu5RNhksm6235w0HBdm+lIhrHDJpyik1arYkzYK5e7w11VEZ6XFVYlxRgBWZ7S
xlRCtd4LwvseqKvoYddEhykZAYELrBunYDCkkJ173NZysz+B4/8=
=PsVl
-----END PGP SIGNATURE-----

--- End Message ---

Bug#481295: marked as done (Preconfiguring of openssh-servers fails due to mount option "noexec" on /tmp)

Reply via email to