Hello Bob, hello list!
On Tue, Dec 21, 2004 at 03:21:00PM +0100, Bob Alexander wrote:
[...] dpkg (subprocess): unable to execute post-removal script: Permission denied dpkg: error processing gtkhtml3.2 (--remove): subprocess post-removal script returned error exit status 2 [...] /dev/hda10 /tmp ext3 rw,noexec,nosuid,nodev 0 0
"Be careful if setting /tmp noexec when you want to install new software, since some programs might use it for installation. Apt is one such program (see http://bugs.debian.org/116448) if not configured properly APT::ExtractTemplates::TempDir (see apt-extracttemplates(1)). You can set this variable in /etc/apt/apt.conf to another directory with exec privileges other than /tmp."
/dev/hda8 /var ext3 rw,noexec,nosuid,nodev 0 0
"(dpkg's) installation (post,pre) and removal (post,pre) scripts are at /var/lib/dpkg/", so better don't mount it noexec.
See <http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.9> for reference. BTW, the ld-linux trick to circumvent noexec won't work anymore with recent kernels.
HTH, Flo
Tschuess Flo. You're GREAT !!!
I tried mounting those filesystems in that way as a side security measure but the hassles I have run into make me believe that probably I'd better leave them exec and rw all the times :(
Take care, Bob
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
