AIX Agent Listener Process starts with unexpected user
Article ID: 128880
Updated On:
Products
CA Automic Workload Automation - Automation Engine
Issue/Introduction
If the Listener Process is configured to be started with user nobody (id 4294967294)
extract out of the ini of the agent:
=====================================================================
;listenerUID=65534
listenerUID=4294967294
20180621/180203.167 - ;listenerGID=65534
20180621/180203.167 - listenerGID=4294967294
=====================================================================
the process is started by another user id
1 A 2147483647 12124286 13238478 0 60 20 864619480 4028 18:02:03 pts/0 0:00 ucxjap6-listener
extract out of the ini of the agent:
=====================================================================
;listenerUID=65534
listenerUID=4294967294
20180621/180203.167 - ;listenerGID=65534
20180621/180203.167 - listenerGID=4294967294
=====================================================================
the process is started by another user id
1 A 2147483647 12124286 13238478 0 60 20 864619480 4028 18:02:03 pts/0 0:00 ucxjap6-listener
Environment
Problem is that this parameter is an signed integer limited to 2^31.
Cause
A problem has been fixed where the Unix Agent starts its listener process with an invalid user ID instead of NOBODY.
This it a potential security gap, because One Automation doesn't control if the user exists, or because it can start the listener process with another user without issuing any warning.
This it a potential security gap, because One Automation doesn't control if the user exists, or because it can start the listener process with another user without issuing any warning.
Resolution
Workaround:
Configure a user with a ID < 2^31.
Solution:
Configure a user with a ID < 2^31.
Solution:
Update to a fix version listed below or a newer version if available.
Component(s): Agent
Automation Engine 12.1.4 - Available
Automation Engine 12.2.2 - Available
Automation Engine 12.3.0 - Available
Feedback
Yes
No
Powered by
