Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 653954 - osa-dispatcher creates broken links
Summary: osa-dispatcher creates broken links
Alias: None
Product: Spacewalk
Classification: Community
Component: Server
Version: 1.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Jan Pazdziora
QA Contact: Red Hat Satellite QA List
Depends On:
Blocks: space12
TreeView+ depends on / blocked
Reported: 2010-11-16 14:32 UTC by eric
Modified: 2010-11-22 15:39 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-11-21 18:39:49 UTC

Attachments (Terms of Use)
Output of lsof (7.89 KB, text/plain)
2010-11-16 14:32 UTC, eric
no flags Details
Output of Nessus (959 bytes, text/plain)
2010-11-16 14:34 UTC, eric
no flags Details

Description eric 2010-11-16 14:32:36 UTC
Created attachment 460844 [details]
Output of lsof

Description of problem: While performing a Nessus security scan a vulnerability is found showing a broken link.  The broken link is occurring in /usr/bin/python.#prelink#.

Version-Release number of selected component (if applicable):
osa-dispatcher.noarch  5.9.31-1.el5 

How reproducible: Always

Steps to Reproduce:
1. Start Spacewalk
2. sudo /usr/sbin/lsof -i tcp:1290 -P -R
3. sudo /usr/sbin/lsof -p 4666
Actual results:
osa-dispa 4666 root  txt    REG    8,3     4736 2750846 /usr/bin/python.#prelink# (deleted)

Expected results:
No broken links

Additional info: See attachments...

Comment 1 eric 2010-11-16 14:34:52 UTC
Created attachment 460846 [details]
Output of Nessus

This is the finding from Nessus.

Comment 2 Jan Pazdziora 2010-11-20 14:45:13 UTC

Comment 3 Jan Pazdziora 2010-11-20 15:04:28 UTC
I believe this has nothing to do with osa-dispatcher, even less with osa-dispatcher creating the file, even less with osa-dispatcher creating a link.

The line reported by lsof is txt (the python program), and it is shown as deleted. The line also says that it's type REG, meaning regular file, not link. It also says that the file was already deleted. And it shows its name as /usr/bin/python.#prelink#.

What I believe has happened on your system was that Spacewalk (and thus osa-dispatcher) was started on your system, and then prelink was run. Which resulted in regeneration of /usr/bin/python but obviously osa-dispatcher is still running using the original text of /usr/bin/python.

I believe that the bug is actually in the Nessus software which for some reason reports deleted program text named /usr/bin/python.#prelink# as broken link.

Closing as NOTABUG, please reopen if you disagree.

Comment 4 eric 2010-11-21 00:09:48 UTC
I verified the broken link by hand to make sure what Nessus was detecting was, in fact, there.

Comment 5 Jan Pazdziora 2010-11-21 18:39:49 UTC
(In reply to comment #4)
> I verified the broken link by hand to make sure what Nessus was detecting was,
> in fact, there.

What was the broken link then? Can you show me the ls -l of that broken link? Are you planning on submitting bugzilla for every product where the text gets prelinked while the daemon is running?

Comment 6 eric 2010-11-22 15:39:50 UTC
The broken link, from the attached output of lsof, is:

osa-dispa 4666 root  txt    REG    8,3     4736 2750846 /usr/bin/python.#prelink# (deleted)

If this behavior is expected and understood I'll pass that along to my security officer.  As of now I have an unexplained broken link that has been identified as a potentially high finding.

Note You need to log in before you can comment on or make changes to this bug.