[Bug 2043711] Re: Open3.pm tries to run code in /tmp when preconfiguring packages
Andrew Daugherity
2043711 at bugs.launchpad.net
Thu Apr 10 20:25:54 UTC 2025
I think the person in comment 12 must be running a newer version of Ubuntu and/or debconf. On 22.04 with debconf 1.5.79ubuntu1, the line looks like this:
if (system("apt-extracttemplates", @collect) != 0) {
No tempdir setting to be found! Also note that 'readlink -f' will still
output when the last path component doesn't exist, as it doesn't on my
22.04 system.
According to the debconf changelog, the upstream Debian bug 223683 was
fixed in debconf 1.5.81. Ubuntu 24.04 has 1.5.86 but 22.04 and older do
not have this fix.
This is 100% reproducible for me on 22.04 by:
- mounting /tmp noexec
- apt reinstall linux-base (this happened to be a small, recently-updated package whose preconfigured script fails)
Combining the tempdir used in newer debconf plus the apt.conf setting in https://bugs.launchpad.net/ubuntu/+source/debconf/+bug/90085/comments/23, I came up with this workaround (from root shell):
    # mkdir /var/cache/debconf/tmp.ci
    # echo 'APT::ExtractTemplates::TempDir "/var/cache/debconf/tmp.ci";' > /etc/apt/apt.conf.d/71debconf-tmpdir
Now 'apt reinstall linux-base' no longer has errors preconfiguring
packages.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to debconf in Ubuntu.
https://bugs.launchpad.net/bugs/2043711
Title:
Open3.pm tries to run code in /tmp when preconfiguring packages
Status in debconf package in Ubuntu:
New
Bug description:
During update of ubuntu-drivers-common:
Can't exec "/tmp/ubuntu-drivers-common.config.55GJ8b": Permission denied at /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm line 178, <GEN0> line 1.
open2: exec of /tmp/ubuntu-drivers-common.config.55GJ8b configure 1:0.9.6.2~0.22.04.4 failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm line 59.
Preconfiguring packages ...
Can't exec "/tmp/ubuntu-drivers-common.config.uSPrCH": Permission denied at /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm line 178, <GEN0> line 1.
open2: exec of /tmp/ubuntu-drivers-common.config.uSPrCH configure 1:0.9.6.2~0.22.04.4 failed: Permission denied at /usr/share/perl5/Debconf/ConfModule.pm line 59.
/tmp is mounted with noexec because running code from /tmp has been a
vulnerability vector for several decades, hence reporting this as a
vulnerability in perl-base.
This error did not appear to prevent the update of ubuntu-drivers-common
and "dpkg --verify ubuntu-drivers-common" returns 0.
___________________________________________________________________________________________________________
Attempting to use the package search on this form by clicking the 🔍
created a modal in which there is an error
Sorry, something went wrong with your search. We've recorded what
happened, and we'll fix it as soon as possible. (Error ID:
OOPS-c80f71590b02908a1187b9f743c53eac)
which is repeated with any attempt to search for a package.
___________________________________________________________________________________________________________
Submitting this form gives an error
"perl-base" does not exist in Ubuntu. Please choose a different
package. If you're unsure, please select "I don't know"
$ dpkg -S /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm
perl-base: /usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm
$ dpkg -l perl-base
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-=================-============-=============================>
ii perl-base 5.34.0-3ubuntu1.2 amd64 minimal Perl system
Looks like a package to me. Nevertheless, using "Did you mean..."
offers "perl".
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: perl-base 5.34.0-3ubuntu1.2
ProcVersionSignature: Ubuntu 6.5.0-1007.7-oem 6.5.3
Uname: Linux 6.5.0-1007-oem x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Thu Nov 16 10:08:48 2023
InstallationDate: Installed on 2016-04-23 (2763 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
ProcEnviron:
TERM=rxvt
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: perl
UpgradeStatus: Upgraded to jammy on 2022-08-19 (453 days ago)
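
The workaround in the comment above can be checked before the next package run. The following is an added example, not part of the bug report and not debconf or apt code. It assumes a mounts file in /proc/mounts format, one-line APT::ExtractTemplates::TempDir settings, and /tmp as the directory used when nothing is set; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: will debconf config scripts be extracted onto a noexec mount?

# mount_opts_for PATH MOUNTS: options of the longest mount point containing PATH.
mount_opts_for() {
    awk -v p="$1" '
        { mp = $2
          if ((mp == "/" || p == mp || index(p, mp "/") == 1) && length(mp) >= best) {
              best = length(mp); opts = $4 } }
        END { print opts }' "$2"
}

# is_noexec PATH MOUNTS: true when PATH sits on a filesystem mounted noexec.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# extract_tempdir CONF_DIR: APT::ExtractTemplates::TempDir from one-line settings
# in CONF_DIR (last file wins); assumed fallback is /tmp, the failing case here.
extract_tempdir() {
    dir=$(cat "$1"/* 2>/dev/null |
          sed -n 's/^[[:space:]]*APT::ExtractTemplates::TempDir[[:space:]]*"\(.*\)";.*$/\1/p' |
          tail -n 1)
    echo "${dir:-/tmp}"
}

# preconfigure_ok CONF_DIR MOUNTS: fails when config scripts would land on noexec.
preconfigure_ok() {
    ! is_noexec "$(extract_tempdir "$1")" "$2"
}

# Constructed sample data (not taken from a real host): noexec /tmp, before/after fix.
demo=$(mktemp -d)
mkdir "$demo/before" "$demo/after"
printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' \
              'tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0' > "$demo/mounts"
echo 'APT::ExtractTemplates::TempDir "/var/cache/debconf/tmp.ci";' \
    > "$demo/after/71debconf-tmpdir"

for state in before after; do
    if preconfigure_ok "$demo/$state" "$demo/mounts"
    then verdict="ok"
    else verdict="noexec, config scripts will fail"
    fi
    echo "$state: $(extract_tempdir "$demo/$state") -> $verdict"
done
```

On a real system the same functions take /etc/apt/apt.conf.d and /proc/mounts as arguments.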