Red Hat Bugzilla – Bug 989480
secalert: glusterfs-fuse: File /usr/bin/fusermount-glusterfs on x86_64 is setuid root but is not on the setxid whitelist
Last modified: 2015-11-22 21:57:57 EST
errata tool reports secalert for glusterfs-fuse
File /usr/bin/fusermount-glusterfs on x86_64 is setuid root but is not on the setxid whitelist
Bala, looks like '/usr/bin/fusermount' from package 'fuse' also has same setxid bits enabled. We just need fusermount-glusterfs to be added to the whitelist then.
Issue fixed with fixing the modes.
Steps to check:
On any glusterfs version (not on RHS or on RHS, before glusterfs-18.104.22.168rhs)
amar@ganaka:~/work/rhs-glusterfs$ ls -l /usr/bin/fusermount-glusterfs
-rwsr-xr-x 1 root root 102192 Oct 5 00:03 /usr/local/bin/fusermount-glusterfs
with latest rhs, you don't see the setuid set on the file. (ie, no 's' in the mode bits).
[root@dhcp201-162 ~]# ls -l /usr/bin/fusermount-glusterfs
-rwxr-xr-x. 1 root root 28304 Oct 8 11:35 /usr/bin/fusermount-glusterfs
[root@dhcp201-162 ~]# rpm -qf /usr/bin/fusermount-glusterfs
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.