[Open-scap] possible buffer size issue with oval eval ?

Brian Millett bmillett at gmail.com
Tue Jun 25 13:16:30 UTC 2013


Thanks Peter, I now cannot duplicate the error either.  When I run (I have id
509) I get after running
oscap oval eval --id oval:ssg:def:509 --results res.xml ssg-rhel6-oval.xml
in the res.xml:

        <definition definition_id="oval:ssg:def:509" result="false" version="1">
            <criteria operator="AND" result="false">
                <criterion test_ref="oval:ssg:tst:510" version="1" result="false" negate="true"/>
            </criteria>
        </definition>

So it ran. 

nuts.  Ok,

thanks for the help.


On Mon, 24 Jun 2013 14:06:23 +0200
Peter Vrabec <pvrabec at redhat.com> wrote:

> Hi all,
> 
> I have just tested openscap-0.9.3 and 0.9.7 running on a Fedora 18 box with 
> "many many" directories,
> # find / -xdev -type d | wc -l
> 51972
> 
> # oscap oval eval --id oval:ssg:def:955 --results res.xml ssg-rhel6-oval.xml
> runs OK, "oval:ssg:def:955" is dir_perms_world_writable_sticky_bits
> 
> I was not able to reproduce the problem.
> 
> Peter.
> 
> On 06/21/2013 02:41 PM, Daniel Kopecek wrote:
> > Hi Brian,
> >
> > On Wed, 19 Jun 2013 13:18:14 -0500
> > Brian Millett <bmillett at gmail.com> wrote:
> >
> >>
> >> oscap -V => OSCAP util (oscap) 0.9.3
> >
> > could you please retry with a newer version? Ideally with the latest
> > release (0.9.8).
> >
> > An strace output would also be helpful. Please use the following
> > command to generate it:
> >
> > 	$ strace -s 33554432 -ff -o oscap-strace.log \
> > 	oscap oval eval dir_perms_world_writable_sticky_bitszzyosu.xml
> >
> > Thanks,
> > Dan K.
> >
> >> Ok, so on my rhel6 system, there is a folder that is exported with
> >> +-40K directories.  Doing an evaluation (xccdf or oval) I get an
> >> error but sometimes it works.  This is doing a check for sticky bit
> >> on world writable directories.
> >>
> >> In my oval definition, I have
> >>
> >> <objects>
> >>   <unix:file_object comment="only local directories" id="oval:scap-security-guide.testing:obj:102" version="1">
> >>     <unix:behaviors recurse="directories" recurse_direction="down" max_depth="-1" recurse_file_system="local"/>
> >>     <unix:path operation="equals">/</unix:path>
> >>     <unix:filename xsi:nil="true"/>
> >>     <filter action="include">oval:scap-security-guide.testing:ste:103</filter>
> >>   </unix:file_object>
> >> </objects>
> >>
> >> Doing an evaluation, the error is:
> >>
> >> oscap oval eval dir_perms_world_writable_sticky_bitszzyosu.xml
> >> OpenSCAP Error: Unable to receive a message from probe
> >> [oval_probe_ext.c:583]
> >>
> >> If I go in and change the root path from "/" to a nested directory
> >> that has fewer directories (64 vs 39158), the eval works every time.
> >>
> >> oscap oval eval dir_perms_world_writable_sticky_bitszMeoy0.xml
> >> Definition oval:scap-security-guide.testing:def:100: false
> >> Evaluation done.
> >>
> >> Thanks.
> >
> > _______________________________________________
> > Open-scap-list mailing list
> > Open-scap-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/open-scap-list
> >
> 



-- 
Brian Millett
"I can only conclude that I'm paying off karma at a vastly accelerated rate."
           -- [ Ivanova, "Points of Departure"]
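
An independent cross-check for the evaluation discussed in this thread, added here as an example (not code from the thread or from OpenSCAP): it walks a tree on one filesystem and lists world-writable directories that lack the sticky bit. It assumes that is what the filter state (ste:103, not shown in the thread) selects, and uses a same-device test as an approximation of recurse_file_system="local"; all function names are hypothetical.

```python
import os
import stat
import tempfile


def is_flagged(mode):
    """True when 'other' has write permission and the sticky bit is unset."""
    return bool(mode & stat.S_IWOTH) and not mode & stat.S_ISVTX


def world_writable_without_sticky(root="/"):
    """List directories under root that are world-writable without the sticky bit.

    Stays on root's filesystem by comparing st_dev (like `find -xdev`) and
    never follows symlinks.
    """
    root_st = os.lstat(root)
    findings = [root] if is_flagged(root_st.st_mode) else []
    for dirpath, dirnames, _files in os.walk(root, topdown=True):
        keep = []
        for name in dirnames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # removed or unreadable while walking
            if not stat.S_ISDIR(st.st_mode) or st.st_dev != root_st.st_dev:
                continue  # symlink, or a directory on another filesystem
            keep.append(name)
            if is_flagged(st.st_mode):
                findings.append(path)
        dirnames[:] = keep  # prune: os.walk descends only into kept entries
    return sorted(findings)


def demo():
    """Build a constructed sample tree and return findings relative to it."""
    layout = [("shared_ok", 0o1777), ("shared_bad", 0o777),
              ("private", 0o755), ("private/deep_bad", 0o777)]
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in layout:
            path = os.path.join(root, rel)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod explicitly; mkdir is subject to umask
        hits = world_writable_without_sticky(root)
        return [os.path.relpath(p, root) for p in hits]


if __name__ == "__main__":
    print(demo())
```

Run against "/" as root, an empty list corresponds to a passing check under the stated assumption, and any listed path is a directory to compare against the oscap result.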



