Comment 7 for bug 2043711

Steve Langasek (vorlon) wrote : Re: [Bug 2043711] Re: Open3.pm tries to run code in /tmp when updating ubuntu-drivers-common

On Mon, Nov 20, 2023 at 08:50:05PM -0000, Andrew J. Caines wrote:
> You are of course quite right that the risk associated with a file
> created with a "random" six character case-insensitive alphanumeric
> suffix and run a moment later is far smaller than more obviously risky
> misuses of /tmp.

No. The use of a random filename is not a security feature; it is a
mechanism to avoid filename *collisions* (either accidental or as part of a
denial of service).

> or if the code checks for the presence of the file before trying to create
> it (which I trust it does)

That is not how you securely handle temp files.

I'm sorry, but you have a very incomplete understanding of how secure temp
file handling works.

You have /tmp mounted noexec on your system. This is fine, and supported.

It is not a protection against vulnerable system code. It is a mechanism to
protect against attackers from writing payload code to /tmp and then
executing it.

System software must handle temp files under /tmp securely *independently of
whether the files it's writing are intended to be executed*.

You have something on your system trying to write a file to /tmp and then
execute it. That should be fixed. But it's not a bug in perl, and it's not
a bug in apt-utils, and it's entirely unclear what code is doing this since
this is not part of the standard debconf code path.

If you can identify where this is coming from in Ubuntu, we can reassign the
bug report and get it fixed.

The rest is off-topic for an Ubuntu bug report.

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                 to set it on, and I can move the world.
Ubuntu Developer                 https://www.debian.org/
<email address hidden>           <email address hidden>
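The distinction drawn in the reply above (a random suffix only avoids collisions; the security property is an exclusive create with no check-then-act window) can be seen in a few lines of code. The following Python example is added here and is not code from the bug report, from perl or from any Ubuntu package. It contrasts the check-then-create pattern with an `O_CREAT|O_EXCL` create and with the standard library's `mkstemp()`; the `between` hook, the file names and the scratch directory are constructed for the demonstration.

```python
import errno
import os
import shutil
import tempfile


def check_then_create(path: str, data: bytes, between=lambda: None) -> None:
    """The rejected pattern: test for the file, then create it.
    `between` stands in for whatever another local process does in the
    window between the check and the open (constructed hook for the demo).
    open(..., "wb") uses O_CREAT without O_EXCL, so it follows a symlink
    that appeared in that window and writes through it."""
    if os.path.exists(path):
        raise FileExistsError(path)
    between()
    with open(path, "wb") as fh:
        fh.write(data)


def exclusive_create(path: str, data: bytes) -> None:
    """Atomic create: the kernel refuses if anything already sits at `path`
    (O_EXCL), refuses to follow a symlink (O_NOFOLLOW), and mode 0600 keeps
    other users out. There is no check-then-act window to race."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def library_create(directory: str, data: bytes) -> str:
    """mkstemp() picks the random suffix *and* performs the exclusive create
    in one call: the randomness avoids collisions, O_EXCL is the safety."""
    fd, path = tempfile.mkstemp(prefix="demo-", dir=directory)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def run_demo() -> dict:
    """Plant a symlink at the expected temp path and compare the two styles.
    Everything happens inside a private scratch directory (constructed)."""
    workdir = tempfile.mkdtemp(prefix="tmpdemo-")
    try:
        victim = os.path.join(workdir, "victim.txt")
        expected = os.path.join(workdir, "work-AbC123.tmp")
        with open(victim, "wb") as fh:
            fh.write(b"original")

        def plant_symlink():
            os.symlink(victim, expected)

        result = {}
        # 1. check-then-create, with the symlink appearing inside the window
        check_then_create(expected, b"payload", between=plant_symlink)
        with open(victim, "rb") as fh:
            result["insecure_overwrote_victim"] = fh.read() == b"payload"

        # 2. exclusive create against the same pre-planted symlink
        with open(victim, "wb") as fh:
            fh.write(b"original")
        try:
            exclusive_create(expected, b"payload")
            result["secure_refused"] = False
        except OSError as exc:
            result["secure_refused"] = exc.errno in (errno.EEXIST, errno.ELOOP)
        with open(victim, "rb") as fh:
            result["victim_intact_after_secure"] = fh.read() == b"original"

        # 3. the library helper: random name plus O_EXCL, mode 0600
        path = library_create(workdir, b"payload")
        result["mkstemp_mode"] = os.stat(path).st_mode & 0o777
        result["mkstemp_in_dir"] = os.path.dirname(path) == workdir
        return result
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(run_demo())
```

Note that the exclusive create is refused by the kernel regardless of whether the planted object is a symlink or a regular file, and regardless of what the temp file is for; the name's randomness never entered into that decision.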