> > I suspect this isn't something Debian can fix and make go away.
>
> Following discussion here a few weeks ago, I tweaked several of my
> partition mount options, specifically disallowing suid, dev, and exec
> privileges on a number of partitions. I suspect 'noexec' is going to be
> a bit problematic in a number of places. I've since changed /var to
> allow 'exec' privileges.
>
dpkg stores its info in /var/lib/dpkg/info. Files in there are package maintainer scripts; they must be executable. So, at least that much of /var must be too. Moving those scripts could be hard, and would also have to be handled as an upgrade path.
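
A check for the situation described in this thread, added here as an example and not part of the original messages: it reads a mount table in `/proc/mounts` format and reports whether the filesystem holding `/var/lib/dpkg/info` carries `noexec`. The sample table and the function names are constructed for illustration; the lookup also handles nested mounts, which goes slightly beyond the single `/var` partition discussed above.

```sh
#!/bin/sh
# Constructed sample in /proc/mounts format:
# device  mountpoint  fstype  options  dump  pass
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /var ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda4 /home ext4 rw,nosuid,nodev,relatime 0 0'

# Print the mount options that apply to path $1. The mount table is read
# from stdin. The governing mount is the longest mount point that is a
# whole-component prefix of the path; on a tie the later entry wins,
# because a later mount shadows an earlier one on the same directory.
mount_opts_for() {
    local target="$1" dev mp fstype opts rest best="" best_opts=""
    while read -r dev mp fstype opts rest; do
        case "$target" in
            "$mp"|"${mp%/}"/*)
                if [ "${#mp}" -ge "${#best}" ]; then
                    best="$mp"
                    best_opts="$opts"
                fi
                ;;
        esac
    done
    printf '%s\n' "$best_opts"
}

# Succeed (exit 0) if the filesystem holding path $1 is mounted noexec.
has_noexec() {
    case ",$(mount_opts_for "$1")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on the constructed table. For a live system, feed the real table:
#   has_noexec /var/lib/dpkg/info < /proc/mounts
DPKG_INFO=/var/lib/dpkg/info
if printf '%s\n' "$SAMPLE_MOUNTS" | has_noexec "$DPKG_INFO"; then
    echo "$DPKG_INFO: on a noexec mount; maintainer scripts cannot be executed"
else
    echo "$DPKG_INFO: exec allowed"
fi
```
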