Enhance ovcheckperms to report on the gtmsignal and gtmsecshr binaries
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenVista/GT.M Integration |
New
|
Undecided
|
Unassigned |
Bug Description
The gtmsignal (and presumably the gtmsecshr) binaries are helper utilities that allow non-privileged users to signal GT.M for process information (generally via the %SS, MSCZJOB* and munin-node utilities). They need to have the owner setuid in order to do this. See below.
> ls -la /opt/lsb-
-r-xr-x--- 1 root gtm 8216 Nov 9 2010 /opt/lsb-
-r-xr-x--- 1 root gtm 13062 Dec 7 2010 /opt/lsb-
> sudo chmod 4550 gtmsignal
> sudo chmod 4550 gtmsecshr
> ls -la /opt/lsb-
-r-sr-x--- 1 root gtm 8216 Nov 9 2010 /opt/lsb-
-r-sr-x--- 1 root gtm 13062 Dec 7 2010 /opt/lsb-
===
I realize that ovcheckperms is generally used to check openvista proper files and directory permissions and not files w/in the GT.M package, however I'm not sure where else this perm check could go...