Open3.pm tries to run code in /tmp when preconfiguring packages
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
debconf (Ubuntu) | New | Undecided | Unassigned |
Bug Description
During update of ubuntu-
```
Can't exec "/tmp/ubuntu-
open2: exec of /tmp/ubuntu-
denied at /usr/share/
Preconfiguring packages ...
Can't exec "/tmp/ubuntu-
open2: exec of /tmp/ubuntu-
denied at /usr/share/
```
/tmp is mounted with noexec because running code from /tmp has been a vulnerability vector for several decades, hence reporting this as a vulnerability in perl-base.
This error did not appear to prevent the update of ubuntu-
_______
Attempting to use the package search on this form by clicking the 🔍 created a modal in which there is an error
Sorry, something went wrong with your search. We've recorded what happened, and we'll fix it as soon as possible. (Error ID: OOPS-c80f71590b02908a1187b9f743c53eac)
which is repeated with any attempt to search for a package.
_______
Submitting this form gives an error
"perl-base" does not exist in Ubuntu. Please choose a different package. If you're unsure, please select "I don't know"
```
$ dpkg -S /usr/lib/
perl-base: /usr/lib/
$ dpkg -l perl-base
Desired=
| Status=
|/ Err?=(none)
||/ Name Version Architecture Description
+++-=
ii perl-base 5.34.0-3ubuntu1.2 amd64 minimal Perl system
```
Looks like a package to me. Nevertheless, using "Did you mean..." offers "perl".
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: perl-base 5.34.0-3ubuntu1.2
ProcVersionSign
Uname: Linux 6.5.0-1007-oem x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Thu Nov 16 10:08:48 2023
InstallationDate: Installed on 2016-04-23 (2763 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
ProcEnviron:
TERM=rxvt
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: perl
UpgradeStatus: Upgraded to jammy on 2022-08-19 (453 days ago)
summary: changed from "Open3.pm tries to run from /tmp when updating ubuntu-drivers-common" to "Open3.pm tries to run code in /tmp when updating ubuntu-drivers-common"
This is not a security bug, or a bug at all in perl.
Software that executes commands under /tmp is not intrinsically insecure. Various hardening guides recommend mounting /tmp noexec because it's harder for programmers to get security handling of files under /tmp *right*; but an attempt to execute a command under /tmp is not evidence that the programmer has gotten it wrong.
The perl package did not create the file /tmp/ubuntu-drivers-common.config.55GJ8b and try to execute it. This was done by some other software that then invoked perl to try to execute it. Perl should not refuse to try to execute the command because the path starts with "/tmp"; it should do what it has been asked to do.
The specific path in use is suggestive of a debconf config script that has been unpacked as part of the apt "pre-configuration" stage and is being run from a temporary directory. However, the normal interface for this is /usr/sbin/dpkg-preconfigure as invoked via /etc/apt/apt.conf.d/70debconf; and dpkg-preconfigure explicitly specifies to extract the config script to /var/cache/debconf/tmp.ci in order to avoid site policies that restrict execution of binaries under /tmp. So I do not know why this script has been unpacked to /tmp on your system; that does not appear to be the normal flow of operation (and also has not been, for decades).
Since there is not a confirmed security bug here, and since I don't know where those files on your system came from, I am closing this bug invalid. If you can provide further information that would show this path is coming from an Ubuntu package, it would be appropriate to reopen the bug report and assign it to the corresponding package.
I am also marking this as a public non-security bug.
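A small check that follows the maintainer's point above: a "Can't exec" failure is explained by mount policy only if the script's path sits on a filesystem mounted noexec (as /tmp is on the reporter's system) rather than on debconf's normal extraction directory under /var/cache/debconf/tmp.ci. This is an added example, not code from the bug report or from perl/debconf; the /proc/mounts table and the log lines are constructed samples.

```python
"""Classify "Can't exec" failures by whether the path lies on a noexec mount."""
import posixpath
import re

# Constructed /proc/mounts sample: /tmp is tmpfs with noexec, /var is not.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /var ext4 rw,relatime 0 0
"""

# Constructed log lines in the shape of the Open3.pm errors from the report.
SAMPLE_LOG = """\
Can't exec "/tmp/ubuntu-drivers-common.config.55GJ8b": Permission denied at Open3.pm
Can't exec "/var/cache/debconf/tmp.ci/config": No such file or directory at Open3.pm
"""

EXEC_FAIL = re.compile(r'Can\'t exec "([^"]+)"')


def parse_mounts(text):
    """Return [(mountpoint, set(options))] from /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # /proc/mounts encodes a space in a mount point as the octal escape \040.
        mountpoint = fields[1].replace("\\040", " ")
        mounts.append((mountpoint, set(fields[3].split(","))))
    return mounts


def mount_for(path, mounts):
    """Longest-prefix match: the mount entry that actually holds `path`."""
    path = posixpath.normpath(path)
    best = None
    for mp, opts in mounts:
        prefix = mp if mp == "/" else mp + "/"
        if path == mp or path.startswith(prefix):
            if best is None or len(mp) > len(best[0]):
                best = (mp, opts)
    return best


def is_noexec(path, mounts):
    """True if the filesystem containing `path` is mounted with noexec."""
    entry = mount_for(path, mounts)
    return entry is not None and "noexec" in entry[1]


def noexec_exec_failures(log_text, mounts):
    """Paths from "Can't exec" lines whose failure is explained by a noexec mount."""
    return [m.group(1) for m in map(EXEC_FAIL.search, log_text.splitlines())
            if m and is_noexec(m.group(1), mounts)]
```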