|
rpm id |
test |
Status |
message |
|
xCAT-nbroot-core-ppc64-2.5.1-alt0.4.noarch |
missing-url |
info |
Missing Url: in a package. |
|
xCAT-nbroot-core-ppc64-2.5.1-alt0.4.noarch |
unsafe-tmp-usage-in-scripts |
fail |
The test found scripts with unsafe temporary-file handling, which a local user may be able to use to damage important system files. For example, if a script works with a temp file created under a fixed or predictable name in the /tmp directory, then any user can create a symlink with the same name (pattern) in this directory beforehand in order to destroy or overwrite a system file or another user's file. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. This holds only where libpam-tmpdir is actually in effect; where TMPDIR is unset or still points at the shared /tmp, a fixed filename is as exposed as before. Each excerpt below is the grep context around a /tmp/ reference, so every hit still needs a manual check of whether an untrusted local user can reach that path where the script runs. Found error in /usr/share/xcat/netboot/ppc64/nbroot/usr/share/udhcpc/default.script: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/ppc64/nbroot/usr/share/udhcpc/default.script deconfig) /sbin/ifconfig $interface up /sbin/ifconfig $interface 0.0.0.0 ;; bound|renew) echo $siaddr >> /tmp/dhcpserver /sbin/ifconfig $interface $ip netmask $subnet if [ -n "$router" ] ; then while route del default gw 0.0.0.0 dev $interface > /dev/null 2>&1; do : done Found error in /usr/share/xcat/netboot/ppc64/nbroot/bin/restart: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/ppc64/nbroot/bin/restart #!/bin/sh # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html #Redhcp, do the xcat part again FORCENICS=`cat /restart|awk '{print $2}'` rm /restart echo -n > /tmp/dhcpserver if [ ! 
-z "$FORCENICS" ]; then echo "Forcing down nics aside from $FORCENICS due to discoverynics setting" kill `ps axf|grep udhcpc|egrep -v "$FORCENICS"|grep -v grep|awk '{print $1}'` for nic in `ifconfig|grep HWaddr|awk '{print $1}'|egrep -v "$FORCENICS"`; do ifconfig $nic down Found error in /usr/share/xcat/netboot/ppc64/nbroot/bin/dodestiny: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/ppc64/nbroot/bin/dodestiny export XCATMASTER=`echo $XCATDEST | awk -F: '{print $1}'` export XCATPORT=`echo $XCATDEST | awk -F: '{print $2}'` fi while :; do DESTINY=`grep destiny /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` DEST=`echo $DESTINY|awk -F= '{print $1}'` #No bash, no tricks TARG=`echo $DESTINY|awk -F= '{print $2}'` #No bash, no tricks DESTINY=`echo $DESTINY|awk '{print $1}'` #No bash, no tricks if [ "$DESTINY" == "standby" ]; then echo "Server notified us of standby condition, please check chain table". -- echo "$MTM" fi if [ "$SERIAL" != "unknown" ]; then echo "$SERIAL" fi echo "" ) > /tmp/discout if [ ! -z "$XCATMASTER" ]; then ping -c 1 $XCATMASTER [ -f "/tmp/discout" ] && netcat -e 'cat /tmp/discout' -u -p 301 $XCATMASTER $XCATPORT fi if [ -z "$XCATMASTER" ] || sleep 8 > /dev/null 2>&1 #Give the preferred method 8 seconds to complete before resorting then for nic in `ifconfig -a 2>/dev/null|grep HWaddr|grep -v sit|awk '{print $1}'`; do #also, bring down interfaces to make sure that we send from the 'right' nic MYB=`ifconfig $nic 2>/dev/null|grep "Bcast"|awk '{print $3}'|awk -F: '{print $2}'` -- if [ ! -z "$MYB" -a "$OTB" == "$MYB" ]; then # if broadcasts match, down the other nic ifconfig $dnic down fi done if [ ! 
-z "$XCATMASTER" ]; then [ -f "/tmp/discout" ] && (ping -c 1 $XCATMASTER; netcat -e 'cat /tmp/discout' -u -p 301 $XCATMASTER $XCATPORT) fi for dhcps in `cat /tmp/dhcpserver`; do [ -f "/tmp/discout" ] && ( ping -c 1 $dhcps; netcat -e 'cat /tmp/discout' -u -p 301 $dhcps $XCATPORT ) done for dnic in `ifconfig -a 2>/dev/null|grep HWaddr|grep -v sit|awk '{print $1}'|grep -v $nic`; do ifconfig $dnic up done if ! sleep 5 > /dev/null 2>&1; then break; fi # give management server a chance to get to minixcatd.awk -- done $TARG fi if [ "$DESTINY" == "install" -o "$DESTINY" == "netboot" ]; then /bin/rebootnode #If script is here, kexec failed, reboot in case it wasn't a linux kernel and let the boot loader handle it instead IMGSERVER=`grep imgserver /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` INITRD=`grep initrd /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` KERNEL=`grep kernel /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` KCMD=`grep kcmdline /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` ERROR=`wget http://$IMGSERVER/tftpboot/$KERNEL -O /tmp/kernel 2>&1` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c http://$IMGSERVER/tftpboot/$KERNEL -O /tmp/kernel 2>&1` done ERROR=`wget -c http://$IMGSERVER/tftpboot/$INITRD -O /tmp/initrd 2>&1` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c http://$IMGSERVER/tftpboot/$INITRD -O /tmp/initrd 2>&1` done #START getting ready for kexec for mod in `lsmod|awk '{print $1}'|grep -v Module`; do rmmod $mod done #kexec -f --append="$KCMD" --initrd=/tmp/initrd /tmp/kernel /bin/rebootnode #If script is here, kexec failed, reboot in case it wasn't a linux kernel and let the boot loader handle it instead fi if [ "$DEST" == "runimage" ]; then mkdir /tmp/`basename $TARG` cd /tmp/`basename $TARG` ERROR=`wget $TARG` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c $TARG 2>&1` done while ! 
nextdestiny ; do echo "Retrying next destiny..." done tar zxvf `basename $TARG` cd /tmp/`basename $TARG` ./runme.sh cd - fi sleep 5 # something may be transiently wrong, check back in 5 seconds getdestiny if grep error /tmp/destiny; then echo ERROR: see above fi done |
|
xCAT-nbroot-core-x86-2.5.1-alt0.4.noarch |
missing-url |
info |
Missing Url: in a package. |
|
xCAT-nbroot-core-x86-2.5.1-alt0.4.noarch |
unsafe-tmp-usage-in-scripts |
fail |
The test found scripts with unsafe temporary-file handling, which a local user may be able to use to damage important system files. For example, if a script works with a temp file created under a fixed or predictable name in the /tmp directory, then any user can create a symlink with the same name (pattern) in this directory beforehand in order to destroy or overwrite a system file or another user's file. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. This holds only where libpam-tmpdir is actually in effect; where TMPDIR is unset or still points at the shared /tmp, a fixed filename is as exposed as before. Each excerpt below is the grep context around a /tmp/ reference, so every hit still needs a manual check of whether an untrusted local user can reach that path where the script runs. Found error in /usr/share/xcat/netboot/x86/nbroot/usr/share/udhcpc/default.script: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/x86/nbroot/usr/share/udhcpc/default.script deconfig) /sbin/ifconfig $interface up /sbin/ifconfig $interface 0.0.0.0 ;; bound|renew) echo $siaddr >> /tmp/dhcpserver /sbin/ifconfig $interface $ip netmask $subnet if [ -n "$router" ] ; then while route del default gw 0.0.0.0 dev $interface > /dev/null 2>&1; do : done Found error in /usr/share/xcat/netboot/x86/nbroot/bin/restart: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/x86/nbroot/bin/restart #!/bin/sh # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html #Redhcp, do the xcat part again FORCENICS=`cat /restart|awk '{print $2}'` rm /restart echo -n > /tmp/dhcpserver if [ ! 
-z "$FORCENICS" ]; then echo "Forcing down nics aside from $FORCENICS due to discoverynics setting" kill `ps axf|grep udhcpc|egrep -v "$FORCENICS"|grep -v grep|awk '{print $1}'` for nic in `ifconfig|grep HWaddr|awk '{print $1}'|egrep -v "$FORCENICS"`; do ifconfig $nic down Found error in /usr/share/xcat/netboot/x86/nbroot/bin/dodestiny: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/x86/nbroot/bin/dodestiny export XCATMASTER=`echo $XCATDEST | awk -F: '{print $1}'` export XCATPORT=`echo $XCATDEST | awk -F: '{print $2}'` fi while :; do DESTINY=`grep destiny /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` DEST=`echo $DESTINY|awk -F= '{print $1}'` #No bash, no tricks TARG=`echo $DESTINY|awk -F= '{print $2}'` #No bash, no tricks DESTINY=`echo $DESTINY|awk '{print $1}'` #No bash, no tricks if [ "$DESTINY" == "standby" ]; then echo "Server notified us of standby condition, please check chain table". -- echo "$MTM" fi if [ "$SERIAL" != "unknown" ]; then echo "$SERIAL" fi echo "" ) > /tmp/discout if [ ! -z "$XCATMASTER" ]; then ping -c 1 $XCATMASTER [ -f "/tmp/discout" ] && netcat -e 'cat /tmp/discout' -u -p 301 $XCATMASTER $XCATPORT fi if [ -z "$XCATMASTER" ] || sleep 8 > /dev/null 2>&1 #Give the preferred method 8 seconds to complete before resorting then for nic in `ifconfig -a 2>/dev/null|grep HWaddr|grep -v sit|awk '{print $1}'`; do #also, bring down interfaces to make sure that we send from the 'right' nic MYB=`ifconfig $nic 2>/dev/null|grep "Bcast"|awk '{print $3}'|awk -F: '{print $2}'` -- if [ ! -z "$MYB" -a "$OTB" == "$MYB" ]; then # if broadcasts match, down the other nic ifconfig $dnic down fi done if [ ! 
-z "$XCATMASTER" ]; then [ -f "/tmp/discout" ] && (ping -c 1 $XCATMASTER; netcat -e 'cat /tmp/discout' -u -p 301 $XCATMASTER $XCATPORT) fi for dhcps in `cat /tmp/dhcpserver`; do [ -f "/tmp/discout" ] && ( ping -c 1 $dhcps; netcat -e 'cat /tmp/discout' -u -p 301 $dhcps $XCATPORT ) done for dnic in `ifconfig -a 2>/dev/null|grep HWaddr|grep -v sit|awk '{print $1}'|grep -v $nic`; do ifconfig $dnic up done if ! sleep 5 > /dev/null 2>&1; then break; fi # give management server a chance to get to minixcatd.awk -- done $TARG fi if [ "$DESTINY" == "install" -o "$DESTINY" == "netboot" ]; then /bin/rebootnode #If script is here, kexec failed, reboot in case it wasn't a linux kernel and let the boot loader handle it instead IMGSERVER=`grep imgserver /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` INITRD=`grep initrd /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` KERNEL=`grep kernel /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` KCMD=`grep kcmdline /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` ERROR=`wget http://$IMGSERVER/tftpboot/$KERNEL -O /tmp/kernel 2>&1` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c http://$IMGSERVER/tftpboot/$KERNEL -O /tmp/kernel 2>&1` done ERROR=`wget -c http://$IMGSERVER/tftpboot/$INITRD -O /tmp/initrd 2>&1` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c http://$IMGSERVER/tftpboot/$INITRD -O /tmp/initrd 2>&1` done #START getting ready for kexec for mod in `lsmod|awk '{print $1}'|grep -v Module`; do rmmod $mod done #kexec -f --append="$KCMD" --initrd=/tmp/initrd /tmp/kernel /bin/rebootnode #If script is here, kexec failed, reboot in case it wasn't a linux kernel and let the boot loader handle it instead fi if [ "$DEST" == "runimage" ]; then mkdir /tmp/`basename $TARG` cd /tmp/`basename $TARG` ERROR=`wget $TARG` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c $TARG 2>&1` done while ! 
nextdestiny ; do echo "Retrying next destiny..." done tar zxvf `basename $TARG` cd /tmp/`basename $TARG` ./runme.sh cd - fi sleep 5 # something may be transiently wrong, check back in 5 seconds getdestiny if grep error /tmp/destiny; then echo ERROR: see above fi done |
|
xCAT-nbroot-core-x86_64-2.5.1-alt0.4.noarch |
missing-url |
info |
Missing Url: in a package. |
|
xCAT-nbroot-core-x86_64-2.5.1-alt0.4.noarch |
unsafe-tmp-usage-in-scripts |
fail |
The test found scripts with unsafe temporary-file handling, which a local user may be able to use to damage important system files. For example, if a script works with a temp file created under a fixed or predictable name in the /tmp directory, then any user can create a symlink with the same name (pattern) in this directory beforehand in order to destroy or overwrite a system file or another user's file. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. This holds only where libpam-tmpdir is actually in effect; where TMPDIR is unset or still points at the shared /tmp, a fixed filename is as exposed as before. Each excerpt below is the grep context around a /tmp/ reference, so every hit still needs a manual check of whether an untrusted local user can reach that path where the script runs. Found error in /usr/share/xcat/netboot/x86_64/nbroot/usr/share/udhcpc/default.script: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/x86_64/nbroot/usr/share/udhcpc/default.script deconfig) /sbin/ifconfig $interface up /sbin/ifconfig $interface 0.0.0.0 ;; bound|renew) echo $siaddr >> /tmp/dhcpserver /sbin/ifconfig $interface $ip netmask $subnet if [ -n "$router" ] ; then while route del default gw 0.0.0.0 dev $interface > /dev/null 2>&1; do : done Found error in /usr/share/xcat/netboot/x86_64/nbroot/bin/restart: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/x86_64/nbroot/bin/restart #!/bin/sh # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html #Redhcp, do the xcat part again FORCENICS=`cat /restart|awk '{print $2}'` rm /restart echo -n > /tmp/dhcpserver if [ ! 
-z "$FORCENICS" ]; then echo "Forcing down nics aside from $FORCENICS due to discoverynics setting" kill `ps axf|grep udhcpc|egrep -v "$FORCENICS"|grep -v grep|awk '{print $1}'` for nic in `ifconfig|grep HWaddr|awk '{print $1}'|egrep -v "$FORCENICS"`; do ifconfig $nic down Found error in /usr/share/xcat/netboot/x86_64/nbroot/bin/dodestiny: $ grep -A5 -B5 /tmp/ /usr/share/xcat/netboot/x86_64/nbroot/bin/dodestiny export XCATMASTER=`echo $XCATDEST | awk -F: '{print $1}'` export XCATPORT=`echo $XCATDEST | awk -F: '{print $2}'` fi while :; do DESTINY=`grep destiny /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` DEST=`echo $DESTINY|awk -F= '{print $1}'` #No bash, no tricks TARG=`echo $DESTINY|awk -F= '{print $2}'` #No bash, no tricks DESTINY=`echo $DESTINY|awk '{print $1}'` #No bash, no tricks if [ "$DESTINY" == "standby" ]; then echo "Server notified us of standby condition, please check chain table". -- echo "$MTM" fi if [ "$SERIAL" != "unknown" ]; then echo "$SERIAL" fi echo "" ) > /tmp/discout if [ ! -z "$XCATMASTER" ]; then ping -c 1 $XCATMASTER [ -f "/tmp/discout" ] && netcat -e 'cat /tmp/discout' -u -p 301 $XCATMASTER $XCATPORT fi if [ -z "$XCATMASTER" ] || sleep 8 > /dev/null 2>&1 #Give the preferred method 8 seconds to complete before resorting then for nic in `ifconfig -a 2>/dev/null|grep HWaddr|grep -v sit|awk '{print $1}'`; do #also, bring down interfaces to make sure that we send from the 'right' nic MYB=`ifconfig $nic 2>/dev/null|grep "Bcast"|awk '{print $3}'|awk -F: '{print $2}'` -- if [ ! -z "$MYB" -a "$OTB" == "$MYB" ]; then # if broadcasts match, down the other nic ifconfig $dnic down fi done if [ ! 
-z "$XCATMASTER" ]; then [ -f "/tmp/discout" ] && (ping -c 1 $XCATMASTER; netcat -e 'cat /tmp/discout' -u -p 301 $XCATMASTER $XCATPORT) fi for dhcps in `cat /tmp/dhcpserver`; do [ -f "/tmp/discout" ] && ( ping -c 1 $dhcps; netcat -e 'cat /tmp/discout' -u -p 301 $dhcps $XCATPORT ) done for dnic in `ifconfig -a 2>/dev/null|grep HWaddr|grep -v sit|awk '{print $1}'|grep -v $nic`; do ifconfig $dnic up done if ! sleep 5 > /dev/null 2>&1; then break; fi # give management server a chance to get to minixcatd.awk -- done $TARG fi if [ "$DESTINY" == "install" -o "$DESTINY" == "netboot" ]; then /bin/rebootnode #If script is here, kexec failed, reboot in case it wasn't a linux kernel and let the boot loader handle it instead IMGSERVER=`grep imgserver /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` INITRD=`grep initrd /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` KERNEL=`grep kernel /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` KCMD=`grep kcmdline /tmp/destiny | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'` ERROR=`wget http://$IMGSERVER/tftpboot/$KERNEL -O /tmp/kernel 2>&1` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c http://$IMGSERVER/tftpboot/$KERNEL -O /tmp/kernel 2>&1` done ERROR=`wget -c http://$IMGSERVER/tftpboot/$INITRD -O /tmp/initrd 2>&1` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c http://$IMGSERVER/tftpboot/$INITRD -O /tmp/initrd 2>&1` done #START getting ready for kexec for mod in `lsmod|awk '{print $1}'|grep -v Module`; do rmmod $mod done #kexec -f --append="$KCMD" --initrd=/tmp/initrd /tmp/kernel /bin/rebootnode #If script is here, kexec failed, reboot in case it wasn't a linux kernel and let the boot loader handle it instead fi if [ "$DEST" == "runimage" ]; then mkdir /tmp/`basename $TARG` cd /tmp/`basename $TARG` ERROR=`wget $TARG` while [ $? == 1 ] && echo $ERROR|grep -v 416; do sleep 10 ERROR=`wget -c $TARG 2>&1` done while ! 
nextdestiny ; do echo "Retrying next destiny..." done tar zxvf `basename $TARG` cd /tmp/`basename $TARG` ./runme.sh cd - fi sleep 5 # something may be transiently wrong, check back in 5 seconds getdestiny if grep error /tmp/destiny; then echo ERROR: see above fi done |