Subject: Re: running (DE)INSTALL scripts vs. noexec mounted /var
To: NetBSD Packages Technical Discussion List <tech-pkg@NetBSD.ORG>
From: Greg A. Woods <firstname.lastname@example.org>
Date: 11/09/2001 17:59:01

[ On Friday, November 9, 2001 at 21:53:52 (+0000), David Brownlee wrote: ]
> Subject: Re: running (DE)INSTALL scripts vs. noexec mounted /var
> I think we should really move PKGDBDIR under PREFIX - it should
> never have been under /var/db in the first place.
> Maybe a new version of the pkgtools which would automatically
> detect an old installation, copy the db across to a tmpdir under
> PREFIX, then if all OK rename to the new location, and rename away
> the old. Then we bump PKGTOOLS_REQD :)

That doesn't solve the problem of executable DEINSTALL scripts....

If I have a separate /var that's mounted noexec I might also have a
separate /pkg/var that's also mounted noexec.

Note that setting TMPDIR to an appropriate value in pkg_add's
environment solves the problem of executable INSTALL scripts if /tmp is
mounted noexec. The same doesn't work for DEINSTALL scripts of course,
unless maybe pkg_delete were modified to copy the program to TMPDIR
before trying to execute it.

You probably want to set root's TMPDIR to a secure private area

Greg A. Woods
+1 416 218-0098 VE3TCP <email@example.com> <firstname.lastname@example.org>
Planix, Inc. <email@example.com>; Secrets of the Weird <firstname.lastname@example.org>
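
Added example, not part of the original message and not pkg_add or pkg_delete code: the copy-to-TMPDIR-before-executing idea from the message written as POSIX sh, with a probe that checks whether TMPDIR actually permits execution. The function names and the execprobe/pkgscript temporary names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of pkg_install.

# can_exec_in DIR: succeed only if a file created in DIR can be executed
# directly. Fails on a noexec mount or on a missing/unwritable directory.
can_exec_in() {
    probe=$(mktemp "$1/execprobe.XXXXXX" 2>/dev/null) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$probe"
    chmod 700 "$probe"
    rc=0
    "$probe" 2>/dev/null || rc=$?
    rm -f "$probe"
    return "$rc"
}

# run_from_tmpdir SCRIPT [ARGS...]: copy SCRIPT (which may live on a noexec
# filesystem such as /var) into a fresh directory under TMPDIR, execute the
# copy with ARGS, remove the directory, and return the script's exit status.
run_from_tmpdir() {
    src=$1; shift
    base=${TMPDIR:-/tmp}
    if ! can_exec_in "$base"; then
        echo "run_from_tmpdir: $base does not permit execution" >&2
        return 126
    fi
    # mktemp -d creates the directory mode 0700, so other users cannot
    # replace or read the copy between the cp and the exec.
    work=$(mktemp -d "$base/pkgscript.XXXXXX") || return 1
    if ! cp "$src" "$work/script" || ! chmod 700 "$work/script"; then
        rm -rf "$work"
        return 1
    fi
    rc=0
    "$work/script" "$@" || rc=$?
    rm -rf "$work"
    return "$rc"
}
```

With root's TMPDIR pointing at a private directory on a filesystem mounted without noexec, run_from_tmpdir can execute a script stored under a noexec /var; the source file itself does not need its execute bit set.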