Package: ohai
Version: 6.14.0-2
Severity: important
Dear Maintainer,
I just installed ohai on a debian-testing system and ran it, and noticed
that in the "listeners" section it produces junk output for the names
of the processes listening on all the ports.
This is what it produces:
----
"listeners": {
"tcp": {
"1922": {
"address": "*",
"pid": 0,
"name": "gitit"
},
"5222": {
"address": "*",
"pid": 0,
"name": "gitit"
},
"6502": {
"address": "127.0.0.1",
"pid": 0,
"name":
"{2})*)*(?:/(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*(?:;(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*)*)*\\z"
},
"3142": {
"address": "*",
"pid": 0,
"name": "gitit"
},
"6600": {
"address": "::1",
"pid": 0,
"name": "gitit"
},
"139": {
"address": "*",
"pid": 0,
"name": "gitit"
},
"783": {
"address": "127.0.0.1",
"pid": 0,
"name":
"{2})*)*(?:/(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*(?:;(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*)*)*\\z"
},
"80": {
"address": "*",
"pid": 0,
"name": "gitit"
},
"8080": {
"address": "*",
"pid": 0,
"name":
"{2})*)*(?:/(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*(?:;(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*)*)*\\z"
},
"5269": {
"address": "*",
"pid": 0,
"name": "gitit"
},
"22": {
"address": "*",
"pid": 0,
"name": "gitit"
},
"8888": {
"address": "*",
"pid": 15676,
"name": "gitit"
},
"25": {
"address": "*",
"pid": 0,
"name": "gitit"
},
"443": {
"address": "*",
"pid": 0,
"name": "gitit"
},
"445": {
"address": "*",
"pid": 0,
"name": "gitit"
},
"64738": {
"address": "*",
"pid": 0,
"name": "gitit"
},
"4949": {
"address": "*",
"pid": 0,
"name": "gitit"
}
}
}
----
Here is the output of "sudo iptables -lntp" which shows the real names
of the running processes:
----
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:1922 0.0.0.0:* LISTEN
4001/sshd
tcp 0 0 0.0.0.0:5222 0.0.0.0:* LISTEN
28163/lua5.1
tcp 0 0 127.0.0.1:6502 0.0.0.0:* LISTEN
4045/murmurd
tcp 0 0 0.0.0.0:3142 0.0.0.0:* LISTEN
3128/apt-cacher-ng
tcp 0 0 127.0.0.1:6600 0.0.0.0:* LISTEN
3753/mpd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
18724/smbd
tcp 0 0 127.0.0.1:783 0.0.0.0:* LISTEN
4108/spamd.pid
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
22206/lighttpd
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
3127/icecast2
tcp 0 0 0.0.0.0:5269 0.0.0.0:* LISTEN
28163/lua5.1
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
4001/sshd
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN
15676/gitit
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
4213/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
22206/lighttpd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
18724/smbd
tcp6 0 0 :::64738 :::* LISTEN
4045/murmurd
tcp6 0 0 :::1922 :::* LISTEN
4001/sshd
tcp6 0 0 :::5222 :::* LISTEN
28163/lua5.1
tcp6 0 0 :::3142 :::* LISTEN
3128/apt-cacher-ng
tcp6 0 0 ::1:6600 :::* LISTEN
3753/mpd
tcp6 0 0 :::139 :::* LISTEN
18724/smbd
tcp6 0 0 :::80 :::* LISTEN
22206/lighttpd
tcp6 0 0 :::5269 :::* LISTEN
28163/lua5.1
tcp6 0 0 :::4949 :::* LISTEN
3179/perl
tcp6 0 0 :::22 :::* LISTEN
4001/sshd
tcp6 0 0 :::25 :::* LISTEN
4213/master
tcp6 0 0 :::443 :::* LISTEN
22206/lighttpd
tcp6 0 0 :::445 :::* LISTEN
18724/smbd
----
Shutting down the 'gitit' service results in it giving the
"{2})*)*(?:/(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*(?:;(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*)*)*\\z"
regexp for every service name.
Upon reflection, this is because the user running ohai is not
privilieged enough to get the processes of listening servers, and
running ohai as the root user gives all the right process names
for the various listeners. "gitit" was running as the same user
as ohai, so it could get that process name. That does not explain
why it listed "gitit" as the process name for a pile of different
listening ports which had nothing to do with it though.
Surely when ohai gets no process name for a listener it should
degrade in a more graceful way than spewing a regexp. And it
CERTAINLY should not give a random process name in place of one
it cannot determine.
Thank you,
Simon Heath
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.9-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages ohai depends on:
ii ruby-ipaddress 0.8.0-1
ii ruby-mixlib-cli 1.2.2-2
ii ruby-mixlib-config 1.1.2-3
ii ruby-mixlib-log 1.4.1-1
ii ruby-sigar 0.7.2-1
ii ruby-systemu 2.5.1-1
ii ruby-yajl 1.1.0-2
ii ruby1.8 [ruby-interpreter] 1.8.7.358-7
ii ruby1.9.1 [ruby-interpreter] 1.9.3.194-8.1+b1
ohai recommends no packages.
ohai suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
