[Open-scap] possible buffer size issue with oval eval ?
Daniel Kopecek
dkopecek at redhat.com
Fri Jun 21 12:41:55 UTC 2013
Hi Brian,

On Wed, 19 Jun 2013 13:18:14 -0500
Brian Millett <bmillett at gmail.com> wrote:
>
> oscap -V => OSCAP util (oscap) 0.9.3

Could you please retry with a newer version? Ideally with the latest
release (0.9.8).

An strace output would also be helpful. Please use the following
command to generate it:

$ strace -s 33554432 -ff -o oscap-strace.log \
    oscap oval eval dir_perms_world_writable_sticky_bitszzyosu.xml

Thanks,
Dan K.

> Ok, so on my rhel6 system, there is a folder that is exported with
> +-40K directories. Doing an evaluation (xccdf or oval) I get an
> error but sometimes it works. This is doing a check for sticky bit
> on world writable directories.
>
> In my oval definition, I have
>
> <objects>
>   <unix:file_object comment="only local directories"
>       id="oval:scap-security-guide.testing:obj:102" version="1">
>     <unix:behaviors recurse="directories" recurse_direction="down"
>         max_depth="-1" recurse_file_system="local"/>
>     <unix:path operation="equals">/</unix:path>
>     <unix:filename xsi:nil="true"/>
>     <filter action="include">oval:scap-security-guide.testing:ste:103</filter>
>   </unix:file_object>
> </objects>
>
> Doing an evaluation, the error is:
>
> oscap oval eval dir_perms_world_writable_sticky_bitszzyosu.xml
> OpenSCAP Error: Unable to receive a message from probe
> [oval_probe_ext.c:583]
>
> If I go in and change the root path from "/" to a nested directory
> that has fewer directories (64 vs 39158), the eval works every time.
>
> oscap oval eval dir_perms_world_writable_sticky_bitszMeoy0.xml
> Definition oval:scap-security-guide.testing:def:100: false
> Evaluation done.
>
> Thanks.
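
An independent cross-check for the check quoted above, added here as an example (not part of the original thread and not OpenSCAP code): a find(1) scan for world-writable directories without the sticky bit, plus a directory count to gauge how large a tree the probe has to traverse. The function names are hypothetical, -xdev only approximates recurse_file_system="local", and state ste:103 is not shown in the thread, so its semantics are assumed from the description.

```shell
#!/bin/sh
# Added example: cross-check the sticky-bit OVAL check with find(1).

# Print directories under ROOT that are world-writable (o+w) but lack the
# sticky bit. -xdev keeps find on ROOT's own file system, which approximates
# (but is not identical to) recurse_file_system="local" (assumption).
list_ww_nosticky() {
    find "${1:-/}" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sort
}

# Count every directory under ROOT on the same file system, i.e. the size of
# the tree a recursive file_object has to walk.
count_dirs() {
    find "${1:-/}" -xdev -type d -print 2>/dev/null | wc -l | tr -d '[:space:]'
}

# One-line summary to compare against the oscap result for the same root.
# Counting is line based, so directory names containing newlines are miscounted.
scan_summary() {
    total=$(count_dirs "$1")
    bad=$(list_ww_nosticky "$1" | grep -c . || true)
    echo "root=$1 dirs=$total offending=$bad"
}

# Constructed sample tree (not from the thread) so the example runs offline.
demo() {
    tree=$(mktemp -d) || return 1
    mkdir -p "$tree/export/ok" "$tree/export/bad" "$tree/export/tmp"
    chmod 0755 "$tree/export" "$tree/export/ok"
    chmod 0777 "$tree/export/bad"   # world-writable, no sticky bit: reported
    chmod 1777 "$tree/export/tmp"   # world-writable with sticky bit: not reported
    scan_summary "$tree"
    list_ww_nosticky "$tree"
    rm -rf "$tree"
}

demo
```

On a real system, run scan_summary against the same root path used in the OVAL object; an empty list from list_ww_nosticky corresponds to no offending directories under these assumptions.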