[Linux-PowerEdge] OMSA 7.4.0 : you do not have execution permission for ./invcol

Robert Jacobson teridon at gmail.com
Wed Apr 23 07:25:11 CDT 2014


Hi, thanks for responding.

[root at sfep2 ~]# /opt/dell/srvadmin/sbin/invcol
ldd: warning: you do not have execution permission for `./invcol'
/opt/dell/srvadmin/sbin/invcol: line 358: ./invcol: Permission denied

On further examination of the script, I see that it has a binary blob at
the end, which it extracts to a random subdirectory of /tmp and then
attempts to run.

For security reasons I have disabled running executables from /tmp by using
the "noexec" mount option.  If I enable exec on /tmp again; e.g.:

mount -o remount.exec /tmp

and then I run invcol, it no longer gives me the "permission denied" error.

This security configuration (disabling "exec" on /tmp) is a common Federal
 baseline configuration (USGCB) so can you please change invcol not to use
/tmp for execution?  I don't know why Dell is embedded binary blobs in
scripts and running them instead of separating the script and binary but in
this case it seems unnecessary.

For now I've manually edited the invcol script to use
/opt/dell/srvadmin/tmp (a directory I had to create), and again set
"noexec" on /tmp.

--- invcol.orig 2014-02-05 11:21:53.000000000 +0000
+++ invcol      2014-04-23 12:19:07.812063206 +0000
@@ -69,7 +69,7 @@
 typeset -r _TMPFILE_PREFIX="/tmp/.dellIC"
 typeset -r _BUNDLE_APP_VERSION="CMSDK 2.0"
 typeset -r _COLLECTOR=invcol
-typeset -r _TARGET_DIR=/tmp/$_INVCOLAPP_NAME_$$_$RANDOM
+typeset -r _TARGET_DIR=/opt/dell/srvadmin/tmp/$_INVCOLAPP_NAME_$$_$RANDOM

# Other constants
typeset -i _VERBOSE=0





On Wed, Apr 23, 2014 at 4:52 AM, <Santosh_Gore at dell.com> wrote:

> Dell - Internal Use - Confidential
> Hi Robert,
>
> Please run the invcol “/opt/dell/srvadmin/sbin/invcol” from shell prompt
> and share console output.
>
> Thanks
> Santosh
> From: linux-poweredge-bounces-Lists On Behalf Of Robert Jacobson
> Sent: Monday, April 21, 2014 9:15 PM
> To: linux-poweredge-Lists
> Subject: [Linux-PowerEdge] OMSA 7.4.0 : you do not have execution
> permission for ./invcol
>
>
> I just upgraded to OMSA 7.40 on my R720xd (CentOS 6.4).  To upgrade I did:
>
> yum -y upgrade srvadmin-* dell_ie*
>
> Is that the recommended process?
>
> In any case, the install seemed to work correctly.  I then started the
> services.   A few seconds after the services start, I get an error about
> ldd and ./invcol (see below):
>
> [root at sfep2 fep]# srvadmin-services.sh start
> Starting Systems Management Device Drivers:
> Starting dell_rbu:                                         [  OK  ]
> Starting ipmi driver: Already started                      [  OK  ]
> Starting Systems Management Data Engine:
> Starting dsm_sa_datamgrd:                                  [  OK  ]
> Starting dsm_sa_eventmgrd:                                 [  OK  ]
> Starting dsm_sa_snmpd:                                     [  OK  ]
> Starting DSM SA Shared Services:                           [  OK  ]
> Starting DSM SA Connection Service:                        [  OK  ]
> [root at sfep2 fep]# ldd: warning: you do not have execution permission for
> `./invcol'
> /opt/dell/srvadmin/sbin/invcol: line 358: ./invcol: Permission denied
>
> I can't see any reason why root wouldn't be able to execute invcol:
>
> [root at sfep2 fep]# rpm -qf /opt/dell/srvadmin/sbin/lx64/invcol
> srvadmin-cm-7.4.0-4.1.115.el6.x86_64
> [root at sfep2 fep]# ll /opt/dell/srvadmin/sbin/invcol
> lrwxrwxrwx. 1 root root 35 Apr 18 15:26 /opt/dell/srvadmin/sbin/invcol ->
> /opt/dell/srvadmin/sbin/lx64/invcol*
> [root at sfep2 fep]# ll /opt/dell/srvadmin/sbin/lx64/invcol
> -rwxr-xr-x. 1 root root 32853942 Feb  5 11:21
> /opt/dell/srvadmin/sbin/lx64/invcol*
> [root at sfep2 fep]# mount | grep /opt
> /dev/mapper/vg0-OptVol on /opt type ext4 (rw)
>
>
> Ideas, please?
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.us.dell.com/pipermail/linux-poweredge/attachments/20140423/627dd461/attachment.html 


More information about the Linux-PowerEdge mailing list