Bug 653954 - osa-dispatcher creates broken links
Status: CLOSED NOTABUG
Product: Spacewalk
Classification: Community
Component: Server
Version: 1.0
Hardware: Unspecified
OS: Unspecified
low
high
Assignee: Jan Pazdziora (Red Hat)
QA Contact: Red Hat Satellite QA List
Blocks: space12
Reported: 2010-11-16 14:32 UTC by eric
Modified: 2010-11-22 15:39 UTC (History)

Last Closed: 2010-11-21 18:39:49 UTC


Attachments
Output of lsof (7.89 KB, text/plain), 2010-11-16 14:32 UTC, eric
Output of Nessus (959 bytes, text/plain), 2010-11-16 14:34 UTC, eric

Description eric 2010-11-16 14:32:36 UTC
Created attachment 460844
Output of lsof

Description of problem: While performing a Nessus security scan a vulnerability is found showing a broken link.  The broken link is occurring in /usr/bin/python.#prelink#.

Version-Release number of selected component (if applicable):
osa-dispatcher.noarch  5.9.31-1.el5 

How reproducible: Always


Steps to Reproduce:
1. Start Spacewalk
2. sudo /usr/sbin/lsof -i tcp:1290 -P -R
3. sudo /usr/sbin/lsof -p 4666
  
Actual results:
osa-dispa 4666 root  txt    REG    8,3     4736 2750846 /usr/bin/python.#prelink# (deleted)

Expected results:
No broken links

Additional info: See attachments...

Comment 1 eric 2010-11-16 14:34:52 UTC
Created attachment 460846
Output of Nessus

This is the finding from Nessus.

Comment 2 Jan Pazdziora (Red Hat) 2010-11-20 14:45:13 UTC
Taking.

Comment 3 Jan Pazdziora (Red Hat) 2010-11-20 15:04:28 UTC
I believe this has nothing to do with osa-dispatcher, even less with osa-dispatcher creating the file, even less with osa-dispatcher creating a link.

The line reported by lsof is txt (the python program), and it is shown as deleted. The line also says that it's type REG, meaning regular file, not link. It also says that the file was already deleted. And it shows its name as /usr/bin/python.#prelink#.

What I believe has happened on your system was that Spacewalk (and thus osa-dispatcher) was started on your system, and then prelink was run, which resulted in regeneration of /usr/bin/python, but obviously osa-dispatcher is still running using the original text of /usr/bin/python.

I believe that the bug is actually in the Nessus software, which for some reason reports deleted program text named /usr/bin/python.#prelink# as a broken link.

Closing as NOTABUG, please reopen if you disagree.
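
Added example, not part of any comment in this report: a shell filter that applies the column reading given in comment 3 (FD `txt`, TYPE `REG`, name ending in `(deleted)`) to `lsof -p PID` output. The verdict labels and the second and third sample lines are constructed for illustration; the first sample line is the one quoted in this report.

```shell
#!/bin/sh
# Classify lines of `lsof -p PID` output.
# Columns assumed: COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
# Verdict labels are hypothetical names chosen for this example.

classify_lsof() {
    awk '
    NF >= 9 && $2 ~ /^[0-9]+$/ {          # skip the header row
        # NAME may contain spaces: rebuild it from field 9 onward
        name = $9
        for (i = 10; i <= NF; i++) name = name " " $i

        # lsof appends " (deleted)" when the inode has no directory entry left
        tag = " (deleted)"
        cut = length(name) - length(tag)
        deleted = (cut > 0 && substr(name, cut + 1) == tag)
        if (deleted) name = substr(name, 1, cut)

        if (!deleted)                            verdict = "present"
        else if ($5 != "REG")                    verdict = "deleted-non-regular"
        else if ($4 == "txt" || $4 == "mem") {
            # process still maps the old program or library text
            if (index(name, ".#prelink#") > 0)   verdict = "stale-text-prelink"
            else                                 verdict = "stale-text"
        } else                                   verdict = "deleted-open-file"

        print $2, $4, $5, verdict, name
    }'
}

# Sample input: line 1 is from this report, lines 2 and 3 are constructed.
sample_lsof() {
cat <<'EOF'
COMMAND    PID USER   FD   TYPE DEVICE     SIZE    NODE NAME
osa-dispa 4666 root  txt    REG    8,3     4736 2750846 /usr/bin/python.#prelink# (deleted)
osa-dispa 4666 root  mem    REG    8,3   134400 2750001 /lib64/ld-2.5.so
osa-dispa 4666 root    3w   REG    8,3      120 2750900 /var/log/example.log (deleted)
EOF
}

sample_lsof | classify_lsof
```

A `stale-text-prelink` verdict marks a process that is still running the pre-prelink copy of its binary; restarting the service makes it map the regenerated file.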

Comment 4 eric 2010-11-21 00:09:48 UTC
I verified the broken link by hand to make sure what Nessus was detecting was, in fact, there.

Comment 5 Jan Pazdziora (Red Hat) 2010-11-21 18:39:49 UTC
(In reply to comment #4)
> I verified the broken link by hand to make sure what Nessus was detecting was,
> in fact, there.

What was the broken link then? Can you show me the ls -l of that broken link? Are you planning on submitting a bugzilla for every product where the text gets prelinked while the daemon is running?

Comment 6 eric 2010-11-22 15:39:50 UTC
The broken link, from the attached output of lsof, is:

osa-dispa 4666 root  txt    REG    8,3     4736 2750846 /usr/bin/python.#prelink# (deleted)

If this behavior is expected and understood I'll pass that along to my security officer.  As of now I have an unexplained broken link that has been identified as a potentially high finding.

