* Kent Fritz [31. Jul 2015]: > On my system, all the generate scripts are installed as root:root with > 0754 permissions: > -rwxr-xr-- 1 root root 1019 May 11 03:52 > /usr/share/openvas/openvasmd/global_report_formats/a994b278-1f62-11e1-96ac-406186ea4fc5/generate* > > The code drops privileges to "nobody" before executing. That's never > going to work. So, on your system, what is the user/group ownership > of those files and what are the permissions?
Thank you for mentioning the privilege drop, that was indeed the source of the problem. A patch setting the world executable bit when installing the scripts (r22358) was not backported to the OpenVAS-8. But since I was running OpenVAS Manager with already reduced privileges in my tests, there was no privilege drop and thus I could only observe it after my manual changes mentioned earlier. I have backported r22358 to the openvas-manager-6.0 branch in r22939 which should solve this problem. We will release new OpenVAS-8 in the next few days which will address this and other issues. Apologies for the long time it took to reproduce and fix this issue. Many thanks to everybody who helped in tracking down this bug! Regards Michael -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
pgp9pF7g_FpOt.pgp
Description: PGP signature
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
