#725313 ohai has invalid names in the "listeners" section

Package:
ohai
Source:
ohai
Submitter:
Simon Heath
Date:
2024-01-17 11:00:02 UTC
Severity:
important
Tags:
#725313#5
Date:
2013-10-04 00:59:25 UTC
From:
To:
Dear Maintainer,
I just installed ohai on a debian-testing system and ran it, and noticed
that in the "listeners" section it produces junk output for the names
of the processes listening on all the ports.
This is what it produces:
----
    "listeners": {
      "tcp": {
        "1922": {
          "address": "*",
          "pid": 0,
          "name": "gitit"
        },
        "5222": {
          "address": "*",
          "pid": 0,
          "name": "gitit"
        },
        "6502": {
          "address": "127.0.0.1",
          "pid": 0,
          "name":
"{2})*)*(?:/(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*(?:;(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*)*)*\\z"
        },
        "3142": {
          "address": "*",
          "pid": 0,
          "name": "gitit"
        },
        "6600": {
          "address": "::1",
          "pid": 0,
          "name": "gitit"
        },
        "139": {
          "address": "*",
          "pid": 0,
          "name": "gitit"
        },
        "783": {
          "address": "127.0.0.1",
          "pid": 0,
          "name":
"{2})*)*(?:/(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*(?:;(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*)*)*\\z"
        },
        "80": {
          "address": "*",
          "pid": 0,
          "name": "gitit"
        },
        "8080": {
          "address": "*",
          "pid": 0,
          "name":
"{2})*)*(?:/(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*(?:;(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*)*)*\\z"
        },
        "5269": {
          "address": "*",
          "pid": 0,
          "name": "gitit"
        },
        "22": {
          "address": "*",
          "pid": 0,
          "name": "gitit"
        },
        "8888": {
          "address": "*",
          "pid": 15676,
          "name": "gitit"
        },
        "25": {
          "address": "*",
          "pid": 0,
          "name": "gitit"
        },
        "443": {
          "address": "*",
          "pid": 0,
          "name": "gitit"
        },
        "445": {
          "address": "*",
          "pid": 0,
          "name": "gitit"
        },
        "64738": {
          "address": "*",
          "pid": 0,
          "name": "gitit"
        },
        "4949": {
          "address": "*",
          "pid": 0,
          "name": "gitit"
        }
      }
    }
----

Here is the output of "sudo iptables -lntp" which shows the real names
of the running processes:
----
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:1922            0.0.0.0:*               LISTEN      4001/sshd
tcp        0      0 0.0.0.0:5222            0.0.0.0:*               LISTEN      28163/lua5.1
tcp        0      0 127.0.0.1:6502          0.0.0.0:*               LISTEN      4045/murmurd
tcp        0      0 0.0.0.0:3142            0.0.0.0:*               LISTEN      3128/apt-cacher-ng
tcp        0      0 127.0.0.1:6600          0.0.0.0:*               LISTEN      3753/mpd
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      18724/smbd
tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      4108/spamd.pid
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      22206/lighttpd
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      3127/icecast2
tcp        0      0 0.0.0.0:5269            0.0.0.0:*               LISTEN      28163/lua5.1
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      4001/sshd
tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN      15676/gitit
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      4213/master
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      22206/lighttpd
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      18724/smbd
tcp6       0      0 :::64738                :::*                    LISTEN      4045/murmurd
tcp6       0      0 :::1922                 :::*                    LISTEN      4001/sshd
tcp6       0      0 :::5222                 :::*                    LISTEN      28163/lua5.1
tcp6       0      0 :::3142                 :::*                    LISTEN      3128/apt-cacher-ng
tcp6       0      0 ::1:6600                :::*                    LISTEN      3753/mpd
tcp6       0      0 :::139                  :::*                    LISTEN      18724/smbd
tcp6       0      0 :::80                   :::*                    LISTEN      22206/lighttpd
tcp6       0      0 :::5269                 :::*                    LISTEN      28163/lua5.1
tcp6       0      0 :::4949                 :::*                    LISTEN      3179/perl
tcp6       0      0 :::22                   :::*                    LISTEN      4001/sshd
tcp6       0      0 :::25                   :::*                    LISTEN      4213/master
tcp6       0      0 :::443                  :::*                    LISTEN      22206/lighttpd
tcp6       0      0 :::445                  :::*                    LISTEN      18724/smbd
----

Shutting down the 'gitit' service results in it giving the
"{2})*)*(?:/(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*(?:;(?:[\\-_.!~*'()a-zA-Z\\d:@&=+$,]|%[a-fA-F\\d]{2})*)*)*\\z"
regexp for every service name.

Upon reflection, this is because the user running ohai is not
privilieged enough to get the processes of listening servers, and
running ohai as the root user gives all the right process names
for the various listeners.  "gitit" was running as the same user
as ohai, so it could get that process name.  That does not explain
why it listed "gitit" as the process name for a pile of different
listening ports which had nothing to do with it though.

Surely when ohai gets no process name for a listener it should
degrade in a more graceful way than spewing a regexp.  And it
CERTAINLY should not give a random process name in place of one
it cannot determine.

Thank you,
Simon Heath

#725313#10
Date:
2020-07-15 21:36:26 UTC
From:
To:
Dear submitter,

as the package ohai has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/964889

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Sean Whitton (the ftpmaster behind the curtain)

#725313#23
Date:
2021-06-21 01:36:02 UTC
From:
To:
ohai has been removed from Debian and recently reintroduced with a new
version, it would be great if you could re-test this issue. Please note
that you will need to install the version from experimental as the
version in unstable is missing a dependency version.