[probe] fix process58_item session_id

get session_id from /proc/id/stat instead of /proc/id/sessionid /proc/id/stat is used by 'ps'
lichnak · Dec 22, 2013 · c87a64e · c87a64e
1 parent eca174a
commit c87a64e
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 1 deletion.
diff --git a/src/OVAL/probes/unix/process58.c b/src/OVAL/probes/unix/process58.c
@@ -211,12 +211,15 @@ static int get_uids(int pid, struct result_info *r)
 		fclose(sf);
 	}
 
+	/* we get session id from /pros/id/stat (same as ps) */
+	/*
 	snprintf(buf, sizeof(buf), "/proc/%d/sessionid", pid);
 	sf = fopen(buf, "rt");
 	if (sf) {
 		fscanf(sf, "%d", &r->session_id);
 		fclose(sf);
 	}
+	*/
 
 	return 0;
 }
@@ -500,6 +503,8 @@ static int read_process(SEXP_t *cmd_ent, SEXP_t *pid_ent, probe_ctx *ctx)
 			posix_capabilities = get_posix_capability(pid);
 			r.posix_capability = posix_capabilities;
 
+			r.session_id = session;
+
 			get_uids(pid, &r);
 			report_finding(&r, ctx);
 

diff --git a/tests/probes/process58/Makefile.am b/tests/probes/process58/Makefile.am
@@ -17,5 +17,7 @@ EXTRA_DIST += \
 	dev_to_tty.oval.xml \
 	dev_to_tty.sh \
 	loginuid.oval.xml \
-	loginuid.sh
+	loginuid.sh \
+	sessionid.oval.xml \
+	sessionid.sh
 
diff --git a/tests/probes/process58/all.sh b/tests/probes/process58/all.sh
@@ -6,4 +6,5 @@ test_init tests_probes_process88.log
 test_run "Ensure that selinux_domain_label is collected" $srcdir/selinux_domain_label.sh
 test_run "Ensure that tty number is translated into name" $srcdir/dev_to_tty.sh
 test_run "Ensure loguid return unsighned int (cat /proc/ID/loginuid)" $srcdir/loginuid.sh
+test_run "Ensure sessionid is correct" $srcdir/sessionid.sh
 test_exit
diff --git a/tests/probes/process58/sessionid.oval.xml b/tests/probes/process58/sessionid.oval.xml
@@ -0,0 +1,36 @@
+<oval_definitions xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:lin-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd">
+    <generator>
+      <oval:product_name>My hands</oval:product_name>
+      <oval:product_version>1.0</oval:product_version>
+      <oval:schema_version>5.10.1</oval:schema_version>
+      <oval:timestamp>2013-11-27T11:48:00+01:00</oval:timestamp>
+    </generator>
+    <definitions>
+      <definition id="oval:x:def:1" version="1" class="compliance">
+        <metadata>
+          <title>Test</title>
+          <description>Collect info about process 1</description>
+        </metadata>
+        <criteria>
+          <criterion test_ref="oval:x:tst:1" comment="Test"/>
+        </criteria>
+      </definition>
+    </definitions>
+    <tests>
+      <unix-def:process58_test id="oval:x:tst:1" version="1" check="all" comment="Test.">
+        <unix-def:object object_ref="oval:x:obj:1"/>
+	<unix-def:state state_ref="oval:x:ste:1"/>
+      </unix-def:process58_test>
+    </tests>
+    <objects>
+      <unix-def:process58_object id="oval:x:obj:1" version="1">
+        <unix-def:command_line operation="pattern match">.*</unix-def:command_line>
+        <unix-def:pid datatype="int">1</unix-def:pid>
+      </unix-def:process58_object>
+    </objects>
+    <states>
+      <unix-def:process58_state id="oval:x:ste:1" version="1">
+        <unix-def:session_id datatype="int">1</unix-def:session_id>
+      </unix-def:process58_state>
+    </states>
+</oval_definitions>
diff --git a/tests/probes/process58/sessionid.sh b/tests/probes/process58/sessionid.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e -o pipefail
+
+name=$(basename $0 .sh)
+result=$(mktemp ${name}.out.XXXXXX)
+echo "result file: $result"
+stderr=$(mktemp ${name}.err.XXXXXX)
+echo "stderr file: $stderr"
+
+echo "Eval:"
+$OSCAP oval eval --results $result $srcdir/$name.oval.xml 2> $stderr
+[ -f $stderr ];
+
+rm $stderr
+
+[ -f $result ]
+assert_exists 1 '/oval_results/results/system/definitions/definition[@result="true"]'
+
+rm $result