Bug 483567 - NOCpulse::SetID stats /root/bin, also stats ROOT:/usr/local/sbin and ROOT:/sbin
NOCpulse::SetID stats /root/bin, also stats ROOT:/usr/local/sbin and ROOT:/sbin
Status: CLOSED CURRENTRELEASE
Product: Spacewalk
Classification: Community
Component: Server (Show other bugs)
0.4
All Linux
low Severity medium
: ---
: ---
Assigned To: Miroslav Suchý
Red Hat Satellite QA List
:
Depends On:
Blocks: space05
  Show dependency treegraph
 
Reported: 2009-02-02 08:53 EST by Jan Pazdziora
Modified: 2009-09-17 03:09 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-17 03:09:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Pazdziora 2009-02-02 08:53:35 EST
Description of problem:

When monitoring scout is enabled in Spacewalk WebUI, the following AVC denial is logged:

avc:  denied  { search } for  pid=25506 comm="gogo.pl" name="root" dev=dm-0 ino=2450401 scontext=root:system_r:spacewalk_monitoring_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir

So something tries to search /root.

By stracing Tomcat and its children, I came to suspect code in

  monitoring/PerlModules/NP/SetID/SetID.pm

which does

##########
sub path {
##########
  my $self = shift;
  my @path;
  my @candidates = (join('/', $self->env('HOME'), 'bin'), @BASEPATH);

  foreach my $dir (@candidates) {
    next if (/^ROOT:/ and $self->euid != 0 and $self->ruid != 0);
    s/^ROOT://;
    push(@path, $dir) if (-d $dir);
  }

  return join(":", @path);
}

Version-Release number of selected component (if applicable):

perl-NOCpulse-SetID-1.6.8-1.el5

How reproducible:

Deterministic.

Steps to Reproduce:
1. Enable monitoring, enable monitoring scout.
2. See /var/log/audit/autid.log.
  
Actual results:

The denial above.

Expected results:

No denial. And no statting "ROOT:..." paths in strace.

Additional info:
Comment 1 Miroslav Suchý 2009-02-18 09:01:48 EST
Fixed in:
ae7dd13ad1d27bbf06de2c14bd87072021cd9742
d6f1782b00ceb40dee771db565ecd0ff595bb7fb
Package:
perl-NOCpulse-SetID-1.6.11-1
Comment 2 Jesus M. Rodriguez 2009-02-24 16:31:19 EST
moving back to space05
Comment 3 Jesus M. Rodriguez 2009-04-14 10:12:39 EDT
Spacewalk 0.5 released.
Comment 4 Miroslav Suchý 2009-09-17 03:09:52 EDT
Spacewalk 0.5 has been released for long time ago.

Note You need to log in before you can comment on or make changes to this bug.