[Open-scap] possible buffer size issue with oval eval ?
Brian Millett
bmillett at gmail.com
Wed Jun 19 18:18:14 UTC 2013
oscap -V => OSCAP util (oscap) 0.9.3
Ok, so on my rhel6 system, there is a folder that is exported with +-40K
directories. Doing an evaluation (xccdf or oval) I get an error but sometimes
it works. This is doing a check for sticky bit on world writable directories.
In my oval definition, I have
<objects><unix:file_object comment="only local directories"
id="oval:scap-security-guide.testing:obj:102" version="1"> <unix:behaviors
recurse="directories" recurse_direction="down" max_depth="-1"
recurse_file_system="local"/> <unix:path operation="equals">/</unix:path>
<unix:filename xsi:nil="true"/> <filter
action="include">oval:scap-security-guide.testing:ste:103</filter>
</unix:file_object> </objects>
Doing an evaluation, the error is:
oscap oval eval dir_perms_world_writable_sticky_bitszzyosu.xml
OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583]
if I go in and change the root path from "/" to a nested directory that has
less directories (64 vs 39158), the eval works every time
oscap oval eval dir_perms_world_writable_sticky_bitszMeoy0.xml
Definition oval:scap-security-guide.testing:def:100: false
Evaluation done.
Thanks.
--
Brian Millett
"Londo, you're making a big mistakes."
'A huge mistake.'
`Well, it won't be my first. Actually, it will be my fourth.`
-- [ Daggair, Mariel, and Londo, "Soul Mates"]
More information about the Open-scap-list
mailing list