Comment 2 for bug 2043711

This is not a security bug, or a bug at all in perl.

Software that executes commands under /tmp is not intrinsically insecure. Various hardening guides recommend mounting /tmp noexec because it's harder for programmers to get security handling of files under /tmp *right*; but an attempt to execute a command under /tmp is not evidence that the programmer has gotten it wrong.

The perl package did not create the file /tmp/ubuntu-drivers-common.config.55GJ8b and try to execute it. This was done by some other software that then invoked perl to try to execute it. Perl should not refuse to try to execute the command because the path starts with "/tmp", it should do what it has been asked to do.

The specific path in use is suggestive of a debconf config script that has been unpacked as part of the apt "pre-configuration" stage and is being run from a temporary directory. However, the normal interface for this is /usr/sbin/dpkg-preconfigure as invoked via /etc/apt/apt.conf.d/70debconf; and dpkg-preconfigure explicitly specifies to extract the config script to /var/cache/debconf/tmp.ci in order to avoid site policies that restrict execution of binaries under /tmp. So I do not know why this script has been unpacked to /tmp on your system; that does not appear to be the normal flow of operation (and also has not been, for decades).

Since there is not a confirmed securtiy bug here, and since I don't know where those files on your system came from, I am closing this bug invalid. If you can provide further information that would show this path is coming from an Ubuntu package, it would be appropriate to reopen the bug report and assign it to the corresponding package.

I am also marking this as a public non-security bug.