[Nagiosplug-devel] [ nagiosplug-Bugs-1291126 ] Alternate ps for Solaris

SourceForge.net noreply at sourceforge.net
Thu Sep 22 12:21:07 CEST 2005


Bugs item #1291126, was opened at 2005-09-14 10:04
Message generated for change (Comment added) made by rwingraham
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1291126&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: CVS
Status: Open
Resolution: None
Priority: 5
Submitted By: Bob Ingraham (rwingraham)
Assigned to: M. Sean Finney (seanius)
Summary: Alternate ps for Solaris

Initial Comment:
Per Sean, I am uploading the source for an alternate ps 
utility for Solaris that will work with the existing 
check_procs plugin.

This alternate ps gets around the 80-character limitation 
inherent in the native ps for Solaris.

It has been extensively testing on our corporate Solaris 
farm.

Notes:

1. I've installed this alternate ps (called pst3) in the 
libexec directory, along with the other plugins.

2. It needs setuid-root permissions to run, but accepts 
no arguments and reads no input streams and therefore 
isn't subject to exploitations such as buffer overflow and 
the like.  The only reason is needs the setuid-root 
permission is so that it can open the running kernel 
image, in READ-ONLY mode, in order to access the 
process argument vectors.

3. It requires a patch to the configuration file which 
substitutes this alternate utility instead of ps for Soalris 
systems.

Bob


----------------------------------------------------------------------

>Comment By: Bob Ingraham (rwingraham)
Date: 2005-09-22 13:20

Message:
Logged In: YES 
user_id=1086870

Sean,

To answer your previous posts (sorry for the delay - I've been 
slammed at work,):

1. why isn't pPsInfo->pr_pid included in the output?

I designed pst3 to exactly duplicate the output columns 
produced by the output produced by the original Solaris ps 
command:

/usr/bin/ps -Ao 's uid ppid vsz rss pcpu comm args'

You'll notice that Parent-PID is requested (ppid) but not the 
current process PID (pid).  According to the source for 
check_procs, you can search for children of a parent PID 
(hence the ppid,) or you can search for a username/uid 
(hence the uid).  But apparetnly, the option is not provided to 
search for just a PID.

2. You need root access on a Solaris server.

I have a Solaris box I can test you config changes on.

3. Can I drop privileges after opening the kernel image?

I don't know if it will work.  That would depend upon whether 
the subsequent kvm_* calls also check the effective UID of 
the caller or not.  Do you still want me to try this?

Bob

----------------------------------------------------------------------

Comment By: M. Sean Finney (seanius)
Date: 2005-09-22 05:40

Message:
Logged In: YES 
user_id=226838

slight complication, i'll email the list with details...

----------------------------------------------------------------------

Comment By: M. Sean Finney (seanius)
Date: 2005-09-22 03:32

Message:
Logged In: YES 
user_id=226838

btw: why isn't pPsInfo->pr_pid included in the output?

----------------------------------------------------------------------

Comment By: M. Sean Finney (seanius)
Date: 2005-09-22 03:16

Message:
Logged In: YES 
user_id=226838

hi bob, ton,

i just finished looking over the script, and it looks good.
 unfortunately i no longer have root access to a solaris
server, so i can't install the plugin setuid root.  i can
still throw together everything else (the configure patch,
etc), but the final test will need to be conducted by
someone else.


----------------------------------------------------------------------

Comment By: Ton Voon (tonvoon)
Date: 2005-09-21 04:14

Message:
Logged In: YES 
user_id=664364

Sean,

plugins-root/ is created now. This would be the best place to put pst3.

Ton

----------------------------------------------------------------------

Comment By: Ton Voon (tonvoon)
Date: 2005-09-20 01:55

Message:
Logged In: YES 
user_id=664364

Sean,

I have no problem with setuid scripts since we already have check_icmp 
and check_dhcp, but they don't install as root at the moment (it is 
manually done). I am trying to separate setuid scripts out to plugins-
root/ so then the installer can be configured to install with the correct 
permissions, but haven't fully tested my local copy yet. Give me another 
day to sort this out.

Ton

----------------------------------------------------------------------

Comment By: M. Sean Finney (seanius)
Date: 2005-09-19 09:27

Message:
Logged In: YES 
user_id=226838

hi bob,

thanks for this, i've just taken a look over it.  if this
program has to run setuid root to open the kmem structure,
would it be possible to drop priviliges immediately after
having done so?

ton:  what are your thoughts about dropping this utility in
the libexec dir?  i could throw together a pretty quick
configure patch to decide whether or not the ps utility was
needed.  not sure how we're handling the other setuid
programs, but i could follow suit with whatever we're doing
for the others

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1291126&group_id=29880




More information about the Devel mailing list