Subject: Re: running (DE)INSTALL scripts vs. noexec mounted /var
To: NetBSD Packages Technical Discussion List <tech-pkg@NetBSD.ORG>
From: Greg A. Woods <>
List: tech-pkg
Date: 11/09/2001 17:59:01
[ On Friday, November 9, 2001 at 21:53:52 (+0000), David Brownlee wrote: ]
> Subject: Re: running (DE)INSTALL scripts vs. noexec mounted /var
> 	I think we should really move PKGDBDIR under PREFIX - it should
> 	never have been under /var/db in the first place.
> 	Maybe a new version of the pkgtools which would automatically
> 	detect an old installation, copy the db across to a tmpdir under
> 	PREFIX, then if all OK rename to the new location, and rename away
> 	the old. Then we bump PKGTOOLS_REQD :)

That doesn't solve the problem of executable DEINSTALL scripts....

If I have a separate /var that's mounted noexec I might also have a
separate /pkg/var that's also mounted noexec.

Note that setting TMPDIR to an appropriate value in pkg_add's
environment solves the problem of executable INSTALL scripts if /tmp is
mounted noexec.  The same doesn't work for DEINSTALL scripts of course,
unless maybe pkg_delete were modified to copy the program to TMPDIR
before trying to execute it.

You probably want to set root's TMPDIR to a secure private area

							Greg A. Woods

+1 416 218-0098      VE3TCP      <>     <>
Planix, Inc. <>;   Secrets of the Weird <>