Enhance ovcheckperms to report on the gtmsignal and gtmsecshr binaries

Bug #812962 reported by Ben Mehling on 2011-07-19
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenVista/GT.M Integration
Undecided
Unassigned

Bug Description

The gtmsignal (and presumably the gtmsecshr) binaries are helper utilities that allow non-privileged users to signal GT.M for process information (generally via the %SS, MSCZJOB* and munin-node utilities). They need to have the owner setuid in order to do this. See below.

> ls -la /opt/lsb-gtm/V5.4-000A_x86_64/gtms*
-r-xr-x--- 1 root gtm 8216 Nov 9 2010 /opt/lsb-gtm/V5.4-000A_x86_64/gtmsecshr
-r-xr-x--- 1 root gtm 13062 Dec 7 2010 /opt/lsb-gtm/V5.4-000A_x86_64/gtmsignal

> sudo chmod 4550 gtmsignal
> sudo chmod 4550 gtmsecshr

> ls -la /opt/lsb-gtm/V5.4-000A_x86_64/gtms*
-r-sr-x--- 1 root gtm 8216 Nov 9 2010 /opt/lsb-gtm/V5.4-000A_x86_64/gtmsecshr
-r-sr-x--- 1 root gtm 13062 Dec 7 2010 /opt/lsb-gtm/V5.4-000A_x86_64/gtmsignal

===

I realize that ovcheckperms is generally used to check openvista proper files and directory permissions and not files w/in the GT.M package, however I'm not sure where else this perm check could go...

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers