[Linux-PowerEdge] OMSA 7.4.0 : you do not have execution permission for ./invcol

Santosh_Gore at Dell.com Santosh_Gore at Dell.com
Wed Apr 23 07:34:25 CDT 2014

Dell - Internal Use - Confidential
Hi Robert,

Thanks for sharing the information! We will make the required changes in invcol to fix this issue in a future release.

From: Robert Jacobson [mailto:teridon at gmail.com]
Sent: Wednesday, April 23, 2014 5:55 PM
To: Gore, Santosh
Cc: linux-poweredge-Lists
Subject: Re: [Linux-PowerEdge] OMSA 7.4.0 : you do not have execution permission for ./invcol

Hi, thanks for responding.

[root at sfep2 ~]# /opt/dell/srvadmin/sbin/invcol
ldd: warning: you do not have execution permission for `./invcol'
/opt/dell/srvadmin/sbin/invcol: line 358: ./invcol: Permission denied

On further examination of the script, I see that it has a binary blob at the end, which it extracts to a random subdirectory of /tmp and then attempts to run.

For security reasons I have disabled running executables from /tmp by using the "noexec" mount option.  If I enable exec on /tmp again; e.g.:

mount -o remount,exec /tmp

and then I run invcol, it no longer gives me the "permission denied" error.

This security configuration (disabling "exec" on /tmp) is a common Federal baseline configuration (USGCB), so can you please change invcol not to use /tmp for execution?  I don't know why Dell is embedding binary blobs in scripts and running them instead of separating the script and binary, but in this case it seems unnecessary.

For now I've manually edited the invcol script to use /opt/dell/srvadmin/tmp (a directory I had to create), and again set "noexec" on /tmp.

--- invcol.orig 2014-02-05 11:21:53.000000000 +0000
+++ invcol      2014-04-23 12:19:07.812063206 +0000
@@ -69,7 +69,7 @@
 typeset -r _TMPFILE_PREFIX="/tmp/.dellIC"
 typeset -r _BUNDLE_APP_VERSION="CMSDK 2.0"
 typeset -r _COLLECTOR=invcol
-typeset -r _TARGET_DIR=/tmp/$_INVCOLAPP_NAME_$$_$RANDOM
+typeset -r _TARGET_DIR=/opt/dell/srvadmin/tmp/$_INVCOLAPP_NAME_$$_$RANDOM

# Other constants
typeset -i _VERBOSE=0
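
Review bot: the replacement _TARGET_DIR line still builds the extraction path from $$ and $RANDOM, so the name is guessable, and nothing in the hunk creates /opt/dell/srvadmin/tmp or restricts its permissions. Root executes whatever is found under that path, so the parent directory should be root-owned and not writable by anyone else (for example mode 0700), created by the script or the package if it is missing, and the per-run directory is better created atomically with something like "mktemp -d /opt/dell/srvadmin/tmp/invcol.XXXXXX". On the same line, the shell reads $_INVCOLAPP_NAME_ as a variable whose name includes the trailing underscore, so unless a variable with exactly that name is set elsewhere in the script the prefix expands to nothing; if the intended variable is _INVCOLAPP_NAME, writing ${_INVCOLAPP_NAME}_ removes the ambiguity. The unchanged context line _TMPFILE_PREFIX="/tmp/.dellIC" still points at /tmp, which is only safe under noexec if nothing written there is ever executed.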

On Wed, Apr 23, 2014 at 4:52 AM, <Santosh_Gore at dell.com> wrote:
Hi Robert,

Please run invcol “/opt/dell/srvadmin/sbin/invcol” from the shell prompt and share the console output.

From: linux-poweredge-bounces-Lists On Behalf Of Robert Jacobson
Sent: Monday, April 21, 2014 9:15 PM
To: linux-poweredge-Lists
Subject: [Linux-PowerEdge] OMSA 7.4.0 : you do not have execution permission for ./invcol

I just upgraded to OMSA 7.40 on my R720xd (CentOS 6.4).  To upgrade I did:

yum -y upgrade srvadmin-* dell_ie*

Is that the recommended process?

In any case, the install seemed to work correctly.  I then started the services.   A few seconds after the services start, I get an error about ldd and ./invcol (see below):

[root at sfep2 fep]# srvadmin-services.sh start
Starting Systems Management Device Drivers:
Starting dell_rbu:                                         [  OK  ]
Starting ipmi driver: Already started                      [  OK  ]
Starting Systems Management Data Engine:
Starting dsm_sa_datamgrd:                                  [  OK  ]
Starting dsm_sa_eventmgrd:                                 [  OK  ]
Starting dsm_sa_snmpd:                                     [  OK  ]
Starting DSM SA Shared Services:                           [  OK  ]
Starting DSM SA Connection Service:                        [  OK  ]
[root at sfep2 fep]# ldd: warning: you do not have execution permission for `./invcol'
/opt/dell/srvadmin/sbin/invcol: line 358: ./invcol: Permission denied

I can't see any reason why root wouldn't be able to execute invcol:

[root at sfep2 fep]# rpm -qf /opt/dell/srvadmin/sbin/lx64/invcol
[root at sfep2 fep]# ll /opt/dell/srvadmin/sbin/invcol
lrwxrwxrwx. 1 root root 35 Apr 18 15:26 /opt/dell/srvadmin/sbin/invcol -> /opt/dell/srvadmin/sbin/lx64/invcol*
[root at sfep2 fep]# ll /opt/dell/srvadmin/sbin/lx64/invcol
-rwxr-xr-x. 1 root root 32853942 Feb  5 11:21 /opt/dell/srvadmin/sbin/lx64/invcol*
[root at sfep2 fep]# mount | grep /opt
/dev/mapper/vg0-OptVol on /opt type ext4 (rw)

Ideas, please?
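
The failure in this thread comes from staging an executable on a filesystem mounted noexec. As an added example (not part of the thread and not Dell's code), the shell functions below read the mount table and pick a staging directory that is not on a noexec mount; the function names are hypothetical, and /opt/dell/srvadmin/tmp is the directory from the workaround above.

```shell
#!/usr/bin/env bash
# Added example, not Dell's code: choose a staging directory for a
# self-extracting payload by checking mount options instead of assuming /tmp.

# mount_opts DIR [MOUNTS_FILE]: print the options of the filesystem holding DIR.
# DIR should be an absolute path with symlinks already resolved. The longest
# mount point that is a path prefix of DIR wins; for mounts stacked on the
# same point, the later (topmost) entry wins.
mount_opts() {
    local dir=${1%/} mounts=${2:-/proc/mounts} dev mp fstype opts rest
    local best="" best_opts=""
    [ -n "$dir" ] || dir=/
    while read -r dev mp fstype opts rest; do
        case "$dir/" in
            "${mp%/}/"*)
                if [ "${#mp}" -ge "${#best}" ]; then
                    best=$mp; best_opts=$opts
                fi ;;
        esac
    done < "$mounts"
    printf '%s\n' "$best_opts"
}

# is_noexec DIR [MOUNTS_FILE]: succeed if DIR sits on a noexec mount.
is_noexec() {
    case ",$(mount_opts "$@")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# pick_exec_dir MOUNTS_FILE DIR...: print the first candidate not on noexec.
pick_exec_dir() {
    local mounts=$1 d; shift
    for d in "$@"; do
        if ! is_noexec "$d" "$mounts"; then
            printf '%s\n' "$d"; return 0
        fi
    done
    return 1
}

# Demo on the live system: try /tmp first, then the thread's workaround dir.
pick_exec_dir /proc/mounts /tmp /opt/dell/srvadmin/tmp ||
    echo "no exec-capable staging directory found" >&2
```

Whichever directory is chosen still has to be root-owned and closed to other users before anything extracted into it is run as root.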
