Bug 684881 - In RHEL5, non-privileged users can receive incorrect service status information
Summary: In RHEL5, non-privileged users can receive incorrect service status information
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: SysVinit
Version: 5.6
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Petr Lautrbach
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-14 17:25 UTC by Vince Worthington
Modified: 2018-11-14 16:17 UTC (History)
6 users (show)

Fixed In Version: SysVinit-2.86-17.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-07-21 11:01:26 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1040 0 normal SHIPPED_LIVE SysVinit bug fix update 2011-07-20 15:43:51 UTC

Description Vince Worthington 2011-03-14 17:25:20 UTC 
Description of problem:
In RHEL5, non-privileged users can receive incorrect service status information when running "service <service> status".

The LSB standards do not explicitly define whether non-root users should be able to get service status, or even whether an "insufficient permissions" error message should be returned to the user for a status inquiry as the standard defines for other commands.

We are requesting engineering to make a judgement call whether initscripts should be changed in RHEL5 so that a clear "insufficient permissions" (or similar) message is given to non-privileged users (or, that correct status information is given if anything other than an "insufficient permissins" status response is returned).

Support and the customer have been advised that changes like this, especially this far into the release cycle, could be NAK'd by Engineering due to the impact it could have on our existing customer base.

LSB specs for initscripts:
http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html




Version-Release number of selected component (if applicable):
initscripts (any RHEL5 version)

How reproducible:
always

Steps to Reproduce:
1. example given will be for autofs service
2. log in to a system running the autofs service as a non-privileged user
3. run "service autofs status"
  
Actual results:
[skaven@plump ~]$ service autofs status
automount is stopped


Expected results:
either:

1) correct status information, ie:

automount (pid 2534) is running...  (as will occur if they 'sudo service autofs status')

or

2) an error message indicating the user does not have permission to request the service status.


Additional info:
This appears to be related to pidof as well, and options used in /etc/rc.d/init.d/functions.

The following may be helpfuL
-------------
I see what it is -- it's the -c switch:

[skaven@bonnie ~]$ pidof -c -o 25031 -o 24858 -o %PPID -x syslog-ng

[skaven@bonnie ~]$ pidof -o 25031 -o 24858 -o %PPID -x syslog-ng
28451 28450

       -c     Only  return  process  ids  that  are running with the same root
              directory.  This option does not make sense for non-root  users,
              as  they  will  be unable to check the current root directory of
              processes they do not own.

That explains why it's not returning anything.

So the problem is in /etc/init.d/functions.

In RHEL4, all of the pidof calls in /etc/init.d/functions use the -o and -x switch, but not the -c switch, so it works fine for non-root users.

In RHEL5, the __pids_pidof() function in /etc/init.d/functions uses the -c switch in addition to the -o and -x switch.  Thus, non-root users cannot be reasonably expected to get accurate status back for processes where they can't access the root directory link of processes they don't own.

Is this expected behavior?  Is it expected that you be root to run 'service <something> status'?
-------------
Comment 2 Bill Nottingham 2011-03-14 18:20:00 UTC 
I think what you're looking for is a backport of the fix for #230829? Assigning to sysvinit.
Comment 3 Bill Nottingham 2011-03-14 18:20:36 UTC 
(Note that there are still occasions where non-root might get incorrect status - unreadable pid files, etc.)
Comment 4 Paul Victor Novarese 2011-03-15 17:14:08 UTC 
Hi Bill,

What we'd ideally like to see is behavior like rsyslog in F14:

novarese@gyrados /home/novarese/> service rsyslog status
rsyslogd status unknown due to insufficient privileges.  

The pidof issue is just a contributing factor.  The real issue here is the service scripts returning incorrect info.  

If the script needs privileges to return a correct status then it should output an appropriate message and exit with a non-zero code (IMO).  This seems like basic fail-safe philosophy regardless of whether the LSB spec mandates any particular behavior in cases where non-root users query status or not.

Thanks,

--pvn
Comment 5 Bill Nottingham 2011-03-15 17:51:12 UTC 
That would be backporting de8b2aed329ea2e3c087bc25764fc1779a83fafc and c9486ffd2452e83dc7ffa756b509ead3db698d9f, as well as the SysVinit change. Note that this changes the return code/behavior of a couple of init.d/functions functions in that case. It *shouldn't* break anything, but...
Comment 11 errata-xmlrpc 2011-07-21 11:01:26 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1040.html
Note You need to log in before you can comment on or make changes to this bug.