Bug 964208 - htop trying to access proc io stats as normal user
htop trying to access proc io stats as normal user
Status: CLOSED ERRATA
Product: Fedora EPEL
Classification: Fedora
Component: htop (Show other bugs)
el5
Unspecified Linux
unspecified Severity medium
: ---
: ---
Assigned To: Mukundan Ragavan
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-17 10:36 EDT by Gary Anderson
Modified: 2016-04-22 00:22 EDT (History)
2 users (show)

See Also:
Fixed In Version: htop-1.0.3-1.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-05 17:36:57 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Gary Anderson 2013-05-17 10:36:02 EDT
Description of problem:
htop-0.8.3-1.el5.x86_64 attempts to access the /proc/*/task/*/io file as a normal user. In RHEL5 this file is owned by root, with a mode of 0400. The attempt throws an error -13 ("access denied") to the audit subsystem for each and every access attempt, literally thousands per second. If the auditd is running and access denied events are being logged, this could potentially fill the filesystem in a short time. On a busy system it has been seen that the audit subsystem will overrun a buffer of 8192 (default for stig.rules) with these audit events, and if the failure mode for audit is set to 2 ("PANIC", which is again default in stig.rules), the system will kernel panic on this event.


Version-Release number of selected component (if applicable):
0.8.3-1.el5


How reproducible:
When the htop is run as a normal user on a busy system running file access denial auditing.


Steps to Reproduce:
1. Activate the auditd subsystem with access denied events being logged
2. Run htop as a normal user
3. create an appreciable amount of activity on a system (e.g. database, httpd, etc.)
  
Actual results:
Many access denied events per second being logged from the htop process access attempts to the proc io file for each process.


Expected results:
when run as a normal user, htop not attempting to access a file which is by default not accessible by normal users in a RHEL5 system.


Additional info:
This may be a somewhat unique configuration, but still something to think about as many systems use the NSA RHEL5 Hardening Guide suggestions (http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf), of which section 2.6.2.4.8, "Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)", details the auditctl commands to record these events. I am sure there are similar recommendations in the security community.
Comment 1 Dawid Gajownik 2014-01-19 07:09:06 EST
Hi Gary,

thanks for your bug report. I prepared a patch and sent it to the upstream developer for the review. Hopefully it will be fixed in the next htop version.

Just a quick question: latest htop binary tries to access /proc/*/task/*/io or /proc/*/io?
Comment 2 Fedora Update System 2015-10-30 16:36:56 EDT
htop-1.0.3-1.el5 has been submitted as an update to Fedora EPEL 5. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6cc3eabd11
Comment 3 Fedora Update System 2015-11-01 11:47:52 EST
htop-1.0.3-1.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'yum --enablerepo=epel-testing update htop'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6cc3eabd11
Comment 4 Fedora Update System 2016-04-22 00:22:25 EDT
htop-1.0.3-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.