[Nagiosplug-devel] Security discussion - don't run as root plugins

Andreas Ericsson ae at op5.se
Sun Jul 20 11:44:06 CEST 2008


Hendrik Bäcker wrote:
> I could imagine a getopt option like "--yes-run-as-root" without a
> shortcut like "-r" for it. If the user has to type this into his command
> definition he should know what he is doing.
> 

Except that that means possibly-suid plugins will have to parse userland
data before deciding it should drop privileges, and using library calls
at that, so all the code isn't easily audited.

I advise against it in the strongest possible terms. If anything, improve
the error messages to read something like:

Failed to read /proc/foo/var12: Permission denied
This plugin requires access to the frotz interface, which it currently
doesn't have. To grant such access, do <insert-recommended-reasonably-
secure-way-here>"

That would also serve as a small education to those who aren't aware of
security issues, so it's a win-win-win situation imo.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231
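
An added example, not part of the original mail or of the Nagios plugins code: a possibly-suid plugin that drops privileges before it looks at any user-supplied data, then reports a failed read in the style suggested above. The function names, the "frotz interface" string and the <recommended-secure-way> placeholder are assumptions for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define STATE_UNKNOWN 3   /* Nagios plugin exit code for "could not check" */

/* Permanently give up set-uid/set-gid privileges. Uses no user-supplied
 * data, so it can run before argv is even looked at. Returns 0 on success. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    /* Group first: after the uid is dropped, changing gids is refused. */
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* A non-root caller must not be able to get root back. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Try to open `path`; on failure fill `msg` with an explanation. `iface`
 * and `hint` are hypothetical, plugin-specific strings. */
int check_read(const char *path, const char *iface, const char *hint,
               char *msg, size_t len)
{
    FILE *fp = fopen(path, "r");
    if (fp != NULL) {
        fclose(fp);
        snprintf(msg, len, "OK: %s is readable\n", path);
        return 0;
    }
    snprintf(msg, len, "Failed to read %s: %s\n"
             "This plugin requires access to the %s, which it currently\n"
             "doesn't have. To grant such access, do %s\n",
             path, strerror(errno), iface, hint);
    return STATE_UNKNOWN;
}

int main(int argc, char **argv)
{
    char msg[512];
    if (drop_privileges() != 0)      /* before any option parsing */
        return STATE_UNKNOWN;
    int rc = check_read(argc > 1 ? argv[1] : "/proc/foo/var12",
                        "frotz interface", "<recommended-secure-way>",
                        msg, sizeof msg);
    fputs(msg, stdout);
    return rc;
}
```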



