[Nagiosplug-checkins] SF.net SVN: nagiosplug: [1994] nagiosplug/trunk

dermoth at users.sourceforge.net dermoth at users.sourceforge.net
Tue May 20 09:57:13 CEST 2008


Revision: 1994
          http://nagiosplug.svn.sourceforge.net/nagiosplug/?rev=1994&view=rev
Author:   dermoth
Date:     2008-05-20 00:57:13 -0700 (Tue, 20 May 2008)

Log Message:
-----------
Clobber password in check_radius process list arguments

Modified Paths:
--------------
    nagiosplug/trunk/NEWS
    nagiosplug/trunk/plugins/check_radius.c

Modified: nagiosplug/trunk/NEWS
===================================================================
--- nagiosplug/trunk/NEWS	2008-05-14 11:19:53 UTC (rev 1993)
+++ nagiosplug/trunk/NEWS	2008-05-20 07:57:13 UTC (rev 1994)
@@ -18,7 +18,7 @@
 	check_dig can now pass arguments dig by using -A/--dig-arguments (#1874041/#1889453)
 	check_ntp and check_ntp_peer now show proper jitter/stratum thresholds longopts in --help
 	check_dns now allow to repeat -a to match multiple possibly returned address (common with load balancers)
-	check_mysql now try clearing password in processlist just like check_mysql_query
+	check_mysql and check_radius now try clearing password in processlist just like check_mysql_query
 	check_mysql and check_mysql_query now support sockets explicitely (-s, --socket)
 	negate now has the ability to replace the status text as well (-s, --substitute)
 	Added performance data to check_ping (Christian Schneemann)
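Review bot: the reworded entry for check_mysql and check_radius says the plugins "try clearing" the password but gives users no hint of what remains exposed. Consider adding that the -p argument is still readable in the process list from startup until the plugin overwrites it, so the entry is not read as making command-line passwords safe.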

Modified: nagiosplug/trunk/plugins/check_radius.c
===================================================================
--- nagiosplug/trunk/plugins/check_radius.c	2008-05-14 11:19:53 UTC (rev 1993)
+++ nagiosplug/trunk/plugins/check_radius.c	2008-05-20 07:57:13 UTC (rev 1994)
@@ -260,7 +260,13 @@
 			username = optarg;
 			break;
 		case 'p':									/* password */
-			password = optarg;
+			password = strdup(optarg);
+
+			/* Delete the password from process list */
+			while (*optarg != '\0') {
+				*optarg = 'X';
+				optarg++;
+			}
 			break;
 		case 'n':									/* nas id */
 			nasid = optarg;
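Review bot: the result of strdup(optarg) in the 'p' case is not checked, so an allocation failure leaves password NULL with no error reported at this point; test for NULL and exit with an error before overwriting the argument. The loop also advances optarg itself; writing through a local pointer, or a single memset(optarg, 'X', strlen(optarg)), leaves optarg untouched and is easier to read. The comment could also state two limits of the approach: the 'X' fill keeps the password's length visible in the process list, and the original value is exposed from process start until this case runs.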
@@ -343,9 +349,9 @@
   printf ("%s\n", _("name and password. A configuration file may also be present. The format of"));
   printf ("%s\n", _("the configuration file is described in the radiusclient library sources."));
 	printf ("%s\n", _("The password option presents a substantial security issue because the"));
-  printf ("%s\n", _("password can be determined by careful watching of the command line in"));
-  printf ("%s\n", _("a process listing.  This risk is exacerbated because nagios will"));
-  printf ("%s\n", _("run the plugin at regular predictable intervals.  Please be sure that"));
+  printf ("%s\n", _("password can possibly be determined by careful watching of the command line"));
+  printf ("%s\n", _("in a process listing. This risk is exacerbated because nagios will"));
+  printf ("%s\n", _("run the plugin at regular predictable intervals. Please be sure that"));
   printf ("%s\n", _("the password used does not allow access to sensitive system resources."));
 
 #ifdef NP_EXTRA_OPTS
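Review bot: the reworded warning adds "possibly" without saying why the risk is lower, which leaves the reader guessing. State in the help text that the plugin overwrites the password argument after parsing it and that the password stays readable in the process list until then, so users can judge the remaining exposure. The context line beginning "The password option presents" is indented with a tab while its neighbours use two spaces; since the block is being edited anyway, it could be aligned in the same commit.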
