[Nagiosplug-devel] Feature request: extend check_ping to specify source address

[Andreas Ericsson]

Christian Schneemann wrote:
> On Thursday July 17 2008 09:25:09 am Matthias Eble wrote:
>> On Thu, 2008-07-17 at 09:48 +1000, Dave Horsfall wrote:
>>> to specify the source address on the executed "ping"
>>> command (*BSD: -S, Linux: -I) to be able to monitor a host on the
>>> other
>>> end of a VPN.  I sent the outline of a patch to the FreeBSD ports
>>> people,
>>> and they referred me here instead (whilst commenting it was a good
>>> idea).
>>>
>>> Is this planned to be introduced at all?
>> Hi Dave,
>> this feature is already provided by check_icmp.
>> The only drawback of check_icmp is that it needs super user privileges
>> (set uid root or sudo).
> But why not enhancing the check_ping with this option?
> In my opinion it is a better way than giving some binaries a suid bit.
> 

/bin/ping already requires that suid bit, so it's not as if he'd have
to give it to one more program. Instead, he could remove it (or tighten
it) on /bin/ping and let check_icmp be mode 4710, with root:nagios
ownership.

Besides, check_icmp maintains its root privileges for all of 15
lines of code, handling 0 bits of userspace data before dropping
it.

The whole auto-discovery dance in ./configure for check_ping
just makes it totally appalling and not very trustworthy, imo.


-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231