For some time now, in order to add a bit of security I have made /tmp noexec. However I noticed recently looking at the messages scrolling up the screen that some update configuration scripts were failing as they were trying to be executed in /tmp. After googling I found this article:
http://www.debian-administration.org/articles/57 Which said to fix this do the following: Add the following to the file /etc/apt/apt.conf: DPkg::Pre-Invoke{"mount -o remount,exec /tmp";}; DPkg::Post-Invoke {"mount -o remount /tmp";}; This contains two lines, one running before any packing installation and one afterwards. They merely execute the commands required to add and remove the execute permissions on the /tmp Unfortunately this article was written in 2004, and it seems that there's no longer a file /etc/apt/apt.conf How could I amend the configuration of apt to fix this? Alternatively, as a workaround I thought of writing a script along the lines of: mount -o remount,exec /tmp aptitude update && aptitude safe-upgrade mount -o remount /tmp If I run this script as root, instead of letting the update manager do the work, would it do the upgrade properly? (Running Lenny) I also wonder whether the updates I have done which have not allowed scripts to run in /tmp have somehow compromised my system and if so would appreciate any advice as to how to correct this.
