Bug 653954
| Summary: | osa-dispatcher creates broken links | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Community] Spacewalk | Reporter: | eric | ||||||
| Component: | Server | Assignee: | Jan Pazdziora (Red Hat) <jpazdziora> | ||||||
| Status: | CLOSED NOTABUG | QA Contact: | Red Hat Satellite QA List <satqe-list> | ||||||
| Severity: | high | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | 1.0 | CC: | dosboss64, jpazdziora | ||||||
| Target Milestone: | --- | Keywords: | Reopened | ||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2010-11-21 18:39:49 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 623772 | ||||||||
| Attachments: |
|
||||||||
Created attachment 460846 [details]
Output of Nessus
This is the finding from Nessus.
Taking. I believe this has nothing to do with osa-dispatcher, even less with osa-dispatcher creating the file, even less with osa-dispatcher creating a link. The line reported by lsof is txt (the python program), and it is shown as deleted. The line also says that it's type REG, meaning regular file, not link. It also says that the file was already deleted. And it shows its name as /usr/bin/python.#prelink#. What I believe has happened on your system was that Spacewalk (and thus osa-dispatcher) was started on your system, and then prelink was run. Which resulted in regeneration of /usr/bin/python but obviously osa-dispatcher is still running using the original text of /usr/bin/python. I believe that the bug is actually in the Nessus software which for some reason reports deleted program text named /usr/bin/python.#prelink# as broken link. Closing as NOTABUG, please reopen if you disagree. I verified the broken link by hand to make sure what Nessus was detecting was, in fact, there. (In reply to comment #4) > I verified the broken link by hand to make sure what Nessus was detecting was, > in fact, there. What was the broken link then? Can you show me the ls -l of that broken link? Are you planning on submitting bugzilla for every product where the text gets prelinked while the daemon is running? The broken link, from the attached output of lsof, is: osa-dispa 4666 root txt REG 8,3 4736 2750846 /usr/bin/python.#prelink# (deleted) If this behavior is expected and understood I'll pass that along to my security officer. As of now I have an unexplained broken link that has been identified as a potentially high finding. |
Created attachment 460844 [details] Output of lsof Description of problem: While performing a Nessus security scan a vulnerability is found showing a broken link. The broken link is occurring in /usr/bin/python.#prelink#. Version-Release number of selected component (if applicable): osa-dispatcher.noarch 5.9.31-1.el5 How reproducible: Always Steps to Reproduce: 1. Start Spacewalk 2. sudo /usr/sbin/lsof -i tcp:1290 -P -R 3. sudo /usr/sbin/lsof -p 4666 Actual results: osa-dispa 4666 root txt REG 8,3 4736 2750846 /usr/bin/python.#prelink# (deleted) Expected results: No broken links Additional info: See attachments...