[Nagiosplug-devel] Check Ping rewrite

Karl DeBisschop kdebisschop at alert.infoplease.com
Thu Mar 13 07:27:11 CET 2003


I've expressed before that I'm quite concerned about doing ICMP
natively, since that will require a setuid root binary on most systems.

While I've definitely backed off my initial reservations somewhat, I
still have them.

When we get around to this issue, I'd like to suggest a new plugin,
'check_icmp' that makes the network calls, keeping check_ping more or
less as it is.

Additionally, I'd like to consider keeping the existing ping syntax
checks more or less as they are, but making the result of configure be
the DEFAULT invocation of ping, letting the users provide an alternate
syntax at run time via a command line switch.

I just can't shake the fear that we really up the security concerns we
have to face once we start shipping a setuid plugin in the core. So by
the above plan, we provide the utility, but don't force people to use
it.

Also, before we release a check_icmp, I'm going to want to see A LOT of
checking. It will need to compile very strictly with no warnings, and it
will need to pass any lint-type utility or purify equivalent or whatever
before I'll be comfortable with shipping something setuid root with the
intention that every Nagios install out there might run this for
check_host_alive. The risks seem very large to my mind.

Good, now I've got that off my chest....

-- 
Karl
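
One way to contain the setuid-root risk raised in this message, as an added example that is not part of the original post or of the Nagios plugins code: open the raw ICMP socket first, then drop root permanently and verify the drop before any argument parsing or packet handling. The function names and the shape of main() are assumptions made for illustration.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Permanently give up setuid-root privileges. Returns 0 only once the
 * drop has been verified, -1 otherwise. */
int drop_privileges(void)
{
    uid_t ruid = getuid();   /* the user who actually ran the plugin */
    gid_t rgid = getgid();

    /* Group before user: after setuid() we could no longer change it. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* A permanent drop means root cannot be regained afterwards. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Open the raw ICMP socket, the only step that needs root, then drop.
 * *fd_out is -1 if the socket could not be opened. Returns -1 if the
 * privilege drop failed, in which case the caller must exit at once. */
int open_icmp_then_drop(int *fd_out)
{
    *fd_out = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (drop_privileges() != 0) {
        if (*fd_out >= 0)
            close(*fd_out);
        *fd_out = -1;
        return -1;
    }
    return 0;
}

int main(void)
{
    int fd;
    /* First statement: nothing user-controlled is touched as root. */
    if (open_icmp_then_drop(&fd) != 0)
        return 3;            /* Nagios plugin exit code for UNKNOWN */
    printf("raw socket %s, euid now %d\n",
           fd >= 0 ? "open" : "unavailable", (int)geteuid());
    return fd >= 0 ? 0 : 3;
}
```

With this ordering, the code that parses options and handles replies from the network runs with the invoking user's identity and holds only the already-open socket.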




