Comment 12 for bug 90085

In , Colin Watson (cjwatson) wrote : Re: Bug#481295: Preconfiguring of openssh-servers fails due to mount option "noexec" on /tmp

reassign 481295 debconf
forcemerge 223683 481295
thanks

On Thu, May 15, 2008 at 08:05:44AM +0200, Meinhard Schneider wrote:
> Package: openssh-server
> Version: 1:4.3p2-9etch1
> Severity: important
>
> Just updated openssh-* and got this message:
> [...]
> Preconfiguring packages ...
> Can't exec "/tmp/openssh-server.config.35001": Permission denied at /usr/share/perl/5.8/IPC/Open3.pm line 168.
> open2: exec of /tmp/openssh-server.config.35001 configure 1:4.3p2-9 failed at /usr/share/perl5/Debconf/ConfModule.pm line 58
> openssh-server failed to preconfigure, with exit status 9
> [...]

This is a well-known and long-standing behaviour of debconf, and not
anything that openssh itself is doing specially. Note that the noexec
option is fairly useless for security purposes (except to slow people
down a little bit) as you could in principle just run the script
manually through an appropriate interpreter.

> I believe it is legal to mount /tmp without binary exec support for
> security improvement. Executing scripts from /tmp is IMHO a very bad
> idea.

If you want to do this, you need to remount it exec while installing
Debian packages.

Cheers,

--
Colin Watson [<email address hidden>]
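
The remount step described in the reply above, as an added shell example that is not part of the original message or of debconf: it checks whether /tmp is mounted noexec, remounts it exec for the duration of one package command, and restores noexec afterwards. It assumes /tmp is its own mount point and that the script runs as root; the function names and the MOUNTS override are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message): run one package command
# with /tmp temporarily executable, then put noexec back.
# Assumption: /tmp is a separate mount point and the caller is root.
# MOUNTS can be overridden so the parsing can be checked on a sample file.
MOUNTS=${MOUNTS:-/proc/mounts}

# Print the option string of the mount entry for exactly $1.
# The last matching entry wins, since later mounts shadow earlier ones.
# Prints nothing if $1 is not a mount point.
mount_opts() {
    awk -v mp="$1" '$2 == mp { o = $4 } END { if (o != "") print o }' "$MOUNTS"
}

# Succeed if $1 is a mount point carrying the noexec option.
# Matching on ",noexec," avoids false hits on longer option names.
is_noexec() {
    case ",$(mount_opts "$1")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run "$@" with /tmp remounted exec; restore noexec whatever the outcome
# and hand back the exit status of the wrapped command.
with_exec_tmp() {
    if ! is_noexec /tmp; then
        "$@"
        return
    fi
    mount -o remount,exec /tmp || return 1
    "$@"
    rc=$?
    mount -o remount,noexec /tmp || echo "warning: /tmp left exec" >&2
    return "$rc"
}

# Usage (as root): sh with-exec-tmp.sh apt-get install openssh-server
if [ "$#" -gt 0 ]; then
    with_exec_tmp "$@"
fi
```
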