Bug 483567 - NOCpulse::SetID stats /root/bin, also stats ROOT:/usr/local/sbin and ROOT:/sbin
Summary: NOCpulse::SetID stats /root/bin, also stats ROOT:/usr/local/sbin and ROOT:/sbin
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Spacewalk
Classification: Community
Component: Server
Version: 0.4
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Miroslav Suchý
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Depends On:
Blocks: space05
Reported: 2009-02-02 13:53 UTC by Jan Pazdziora (Red Hat)
Modified: 2009-09-17 07:09 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-09-17 07:09:52 UTC
Embargoed:



Description Jan Pazdziora (Red Hat) 2009-02-02 13:53:35 UTC
Description of problem:

When monitoring scout is enabled in Spacewalk WebUI, the following AVC denial is logged:

avc:  denied  { search } for  pid=25506 comm="gogo.pl" name="root" dev=dm-0 ino=2450401 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir

So something tries to search /root.

By stracing Tomcat and its children, I came to suspect code in

  monitoring/PerlModules/NP/SetID/SetID.pm

which does

##########
sub path {
##########
  my $self = shift;
  my @path;
  my @candidates = (join('/', $self->env('HOME'), 'bin'), @BASEPATH);

  foreach my $dir (@candidates) {
    next if (/^ROOT:/ and $self->euid != 0 and $self->ruid != 0);
    s/^ROOT://;
    push(@path, $dir) if (-d $dir);
  }

  return join(":", @path);
}

Version-Release number of selected component (if applicable):

perl-NOCpulse-SetID-1.6.8-1.el5

How reproducible:

Deterministic.

Steps to Reproduce:
1. Enable monitoring, enable monitoring scout.
2. See /var/log/audit/audit.log.
  
Actual results:

The denial above.

Expected results:

No denial. And no statting "ROOT:..." paths in strace.

Additional info:
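
Added example, not part of the original report and not code from NOCpulse::SetID: it isolates why the loop quoted above ends up testing "ROOT:..." strings. The bare /^ROOT:/ match and s/^ROOT:// substitution act on $_, while the loop variable is $dir. The temporary directories, the stand-in @BASEPATH, the function names and the uid values are constructed for the demonstration, and path_bound is one possible correction, not the committed fix.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed sandbox and stand-in for @BASEPATH; "ROOT:" marks root-only entries.
my $root = tempdir(CLEANUP => 1);
mkdir "$root/$_" or die "mkdir: $!" for qw(bin sbin);
my @BASEPATH = ("$root/bin", "ROOT:$root/sbin");

# Loop as in the report: the match and the substitution have no explicit
# target, so they operate on $_ and never on the lexical $dir.
sub path_as_reported {
  my ($euid, $ruid) = @_;
  my (@path, @tested);
  local $_ = '';                       # whatever $_ holds, it is not $dir
  foreach my $dir (@BASEPATH) {
    next if (/^ROOT:/ and $euid != 0 and $ruid != 0);
    s/^ROOT://;
    push(@tested, $dir);               # the string that -d will stat
    push(@path, $dir) if (-d $dir);
  }
  return (join(":", @path), \@tested);
}

# Same loop with the checks bound to the entry and the prefix stripped from a copy.
sub path_bound {
  my ($euid, $ruid) = @_;
  my (@path, @tested);
  foreach my $entry (@BASEPATH) {
    next if ($entry =~ /^ROOT:/ and $euid != 0 and $ruid != 0);
    (my $dir = $entry) =~ s/^ROOT://;  # copy, so @BASEPATH is not modified
    push(@tested, $dir);
    push(@path, $dir) if (-d $dir);
  }
  return (join(":", @path), \@tested);
}

# uid 0 may use ROOT: entries; uid 500 (constructed) may not.
for my $case ([0, 0], [500, 500]) {
  my ($p1, $t1) = path_as_reported(@$case);
  my ($p2, $t2) = path_bound(@$case);
  print "euid=$case->[0] ruid=$case->[1]\n";
  print "  as reported: tested=[@$t1] path=$p1\n";
  print "  bound:       tested=[@$t2] path=$p2\n";
}
```

In the as-reported variant the "ROOT:" entry is tested with its prefix intact for both uids and never reaches the returned path; in the bound variant it is stripped for uid 0 and skipped for uid 500.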

Comment 1 Miroslav Suchý 2009-02-18 14:01:48 UTC
Fixed in:
ae7dd13ad1d27bbf06de2c14bd87072021cd9742
d6f1782b00ceb40dee771db565ecd0ff595bb7fb
Package:
perl-NOCpulse-SetID-1.6.11-1

Comment 2 Jesus M. Rodriguez 2009-02-24 21:31:19 UTC
moving back to space05

Comment 3 Jesus M. Rodriguez 2009-04-14 14:12:39 UTC
Spacewalk 0.5 released.

Comment 4 Miroslav Suchý 2009-09-17 07:09:52 UTC
Spacewalk 0.5 was released a long time ago.

