[Nagiosplug-devel] [ nagiosplug-Bugs-1381604 ] Perlsec breaks any perl plugin with perl 5.8.x

SourceForge.net noreply at sourceforge.net
Thu Dec 15 05:21:19 CET 2005

Previous message: [Nagiosplug-devel] [ nagiosplug-Bugs-1381604 ] Perlsec breaks any perl plugin with perl 5.8.x
Next message: [Nagiosplug-devel] [ nagiosplug-Bugs-1381801 ] check_ntp does not support type "unknown" at the ntpq output
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Bugs item #1381604, was opened at 2005-12-15 13:18
Message generated for change (Settings changed) made by hvenzke
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1381604&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: CVS
Status: Open
>Resolution: Works For Me
>Priority: 7
Submitted By: radm (hvenzke)
Assigned to: Nobody/Anonymous (nobody)
Summary: Perlsec breaks any perl plugin with perl 5.8.x

Initial Comment:
I Nagios Dev team members,

>
> i got an general problem with latest nagios(2.x) and
some perl scripts:
>
> proxy:/tmp/1/opt/nagios/plugins # ./check_rpc -H
127.0.0.1 -C portmapper                  OK: RPC
program portmapper version 2 udp running
> proxy:/tmp/1/opt/nagios/plugins # cp -p ./check_rpc
/opt/nagios/plugins/check_rpc_new
> proxy:/tmp/1/opt/nagios/plugins #
/opt/nagios/plugins/check_rpc_new -H 127.0.0.1 -C
portmapper
> OK: RPC program portmapper version 2 udp running
> proxy:/tmp/1/opt/nagios/plugins # su - nagios
> nagios at proxy:~> /opt/nagios/plugins/check_rpc_new -H
127.0.0.1 -C portmapper
> Insecure dependency in piped open while running
setuid at /opt/nagios/plugins/check_rpc_new line 309.
> nagios at proxy:~> perl -v
>
> This is perl, v5.8.7 built for i586-linux-thread-multi
>
> Copyright 1987-2005, Larry Wall
>
> Perl may be copied only under the terms of either the
Artistic License or the
> GNU General Public License, which may be found in the
Perl 5 source kit.
>
> Complete documentation for Perl, including FAQ lists,
should be found on
> this system using `man perl' or `perldoc perl'.  If
you have access to the
> Internet, point your browser at http://www.perl.org/,
the Perl Home Page.
>
> nagios at proxy:~>
> nagios at proxy:~> cat /etc/SuSE-release
> SUSE LINUX 10.0 (i586)
> VERSION = 10.0
> nagios at proxy:~> uname -a
> Linux proxy 2.6.13-15-default #1 Tue Sep 13 14:56:15
UTC 2005 i686 i686 i386 GNU/Linux
> nagios at proxy:~>
>
> Same gotten with some other perl check like check_disk.
>
> seems perl thing got broken again..
>
> Kind regards ,
>
> Horst Venzke
>
After found time again for testings...
Perl doc
http://www.perl.com/doc/manual/html/pod/perlsec.html#Switches_On_the_Line
Give us the posibly to get off the above , without
mutch code changes now...,  all what has to be addes
been  the -U switch and remove any -w /-W


In example :

instread using

#!/usr/bin/perl -w

use

#!/usr/bin/perl -U


So this been valid for  ALL perl plugins on any distro.
Tested on suse, redhat , debian , Sun solaris, aix ...
with nagios- plug 1.4.2 and also with older ...
And the reason was that perlÂ´s securuity levels raised
up in general with 5.8.x

Ethan / Ton /../..       Request For Common : 
In some  Nagios / nagios-plugin coding styles this
perlsec problem shuold mentioned to get OFF this in
general... needs some wiork on all perl things


Kind regards

Horst Venzke

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1381604&group_id=29880

Previous message: [Nagiosplug-devel] [ nagiosplug-Bugs-1381604 ] Perlsec breaks any perl plugin with perl 5.8.x
Next message: [Nagiosplug-devel] [ nagiosplug-Bugs-1381801 ] check_ntp does not support type "unknown" at the ntpq output
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Devel mailing list