[Nagiosplug-devel] Security discussion - don't run as root plugins

Thomas Guyot-Sionnest dermoth at aei.ca
Sat Jul 19 05:14:12 CEST 2008


On 18/07/08 02:46 PM, Hendrik Bäcker wrote:
> Hi List,
> 
> just a few moments ago I've read a question by a user if it would be a 
> problem to run the nagios plugins with root rights via check_by_ssh.
> 
> Yes - I laughed too as I read that. But in the following discussion it 
> became clear - they already have a root ssh key spread on most of their 
> systems and are too lazy to establish an unprivileged 'nagios' user on 
> their systems - so they would run them as root.
> 
> I know, security awareness should be part of the persons who are using 
> the tools, scripts and programs - but 80% of security holes came from 
> people who didn't know what they are doing.
> 
> Without starting a flame on this topic I would like to ask what do you 
> think of some security benefits like:
> 
> * don't run the code if UID is 0: Hard but effective - check uid and 
> abort with a warning.
> * try to drop the privileges to the given user by the configure run as 
> a hard coded option

This is indeed a good idea... I think all plugins could drop privileges
if they are run as root. We should probably make it an option for both
Perl (Nagios::Plugins) and C plugins, and turn it to default behaviour
in a major release.

At the same time we would need a standard option to specify a user to
run as, so that anyone requiring root (or any other user) privileges for
some reason would still be able to.

This could also help catch the typical permission problems where
users succeed in running plugins as root, but fail when running them from Nagios.

Thomas
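
The behaviour discussed in this thread (drop privileges when started as root, unless a user is named explicitly), sketched in C as an added example; it is not part of the original message and not code from the Nagios plugins. The default user `nagios`, the function names `decide` and `drop_to_user`, and the use of `argv[1]` as the "run as" option are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1              /* exposes initgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define DEFAULT_PLUGIN_USER "nagios"   /* assumed configure-time default */
enum action { KEEP_CURRENT, KEEP_ROOT, DROP_TO_USER };

/* Policy: which identity should the plugin run under? */
enum action decide(uid_t euid, const char *run_as, const char **target)
{
    *target = NULL;
    if (euid != 0)
        return KEEP_CURRENT;           /* already unprivileged */
    if (run_as != NULL && strcmp(run_as, "root") == 0)
        return KEEP_ROOT;              /* root only on explicit request */
    *target = run_as != NULL ? run_as : DEFAULT_PLUGIN_USER;
    return DROP_TO_USER;
}

/* Permanently switch to `name`. Returns 0 on success, -1 on any failure. */
int drop_to_user(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL || pw->pw_uid == 0)
        return -1;                     /* unknown user, or a uid-0 alias */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return -1;                     /* supplementary groups not reset */
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;                     /* gid must change before uid */
    if (setuid(0) == 0 || geteuid() == 0)
        return -1;                     /* root could be regained: refuse */
    return 0;
}

int main(int argc, char **argv)
{
    const char *target;                /* argv[1] stands in for "run as" */
    enum action a = decide(geteuid(), argc > 1 ? argv[1] : NULL, &target);
    if (a == DROP_TO_USER && drop_to_user(target) != 0) {
        printf("UNKNOWN: running as root, cannot drop to '%s'\n", target);
        return 3;                      /* Nagios UNKNOWN exit status */
    }
    printf("OK: running with uid %d\n", (int)geteuid());
    return 0;
}
```

A failed drop aborts the check instead of continuing as root, so a missing `nagios` account shows up as UNKNOWN rather than as a plugin silently running privileged.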