Bug 801496 - mkdumrd does not allow remote dumping if remote user has a restricted shell (rksh)
mkdumrd does not allow remote dumping if remote user has a restricted shell (...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kexec-tools (Show other bugs)
5.8
All Linux
medium Severity medium
: rc
: 5.9
Assigned To: Dave Young
Guangze Bai
:
Depends On:
Blocks: 801497
  Show dependency treegraph
 
Reported: 2012-03-08 11:43 EST by Subin Francis
Modified: 2015-02-08 16:37 EST (History)
5 users (show)

See Also:
Fixed In Version: kexec-tools-1.102pre-158.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 801497 (view as bug list)
Environment:
Last Closed: 2013-01-07 23:09:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to allow network dumps when the remote use is in a restricted shell (844 bytes, patch)
2012-03-08 15:21 EST, Martin McGreal
no flags Details | Diff
use dd instead of cat in ssh vmcore saving (1.28 KB, application/octet-stream)
2012-07-09 23:28 EDT, Dave Young
no flags Details

  None (edit)
Description Subin Francis 2012-03-08 11:43:28 EST
Description of problem:
The mkdumprd command creates an init script that doesn't work if the remote user that is being used to receive the dump is configured with a restricted shell (rksh) for one simple reason:  Restricted shell forbids the use of redirection.  

Version-Release number of selected component (if applicable):
Applicable for all versions of versions of kexec-tools shipped with RHEL

How reproducible:
Configure kdump to dump vmcore via ssh, with the remote kdump user configured to use a restricted shell (rksh), and trigger a kernel panic
  
Actual results:
Dumping will fail since restricted shell forbids the use of redirection.

Expected results:
Dumping should work even if the remote user is configured with a restricted shell (rksh)
Comment 3 Martin McGreal 2012-03-08 15:21:45 EST
Created attachment 568738 [details]
Patch to allow network dumps when the remote use is in a restricted shell

This patch changes the mkdumprd command to use the tee command rather than classic redirection when cat'ing the dump to a file via SSH.  It was tested with kexec-tools-1.102pre-126.el5_6.6.x86_64.
Comment 4 RHEL Product and Program Management 2012-04-02 06:39:25 EDT
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 5 Dave Young 2012-07-09 23:28:36 EDT
Created attachment 597202 [details]
use dd instead of cat in ssh vmcore saving

Hi,

Same reason with rhel6 bug 801497, tee will create lots of output to stdout, so we will use "dd of=".

Backport the patch from rhel6
Comment 6 Dave Young 2012-07-10 05:33:14 EDT
Hi, Subin

I uploaded rhel5 srpm and rpms to below url
http://people.redhat.com/ruyang/aa60a46e66f4725af97709df3eb60158/

Could you ask customer to test?

Thanks.
Comment 12 errata-xmlrpc 2013-01-07 23:09:12 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0012.html

Note You need to log in before you can comment on or make changes to this bug.