[Nagiosplug-devel] Security discussion - don't run as root plugins

Thomas Guyot-Sionnest dermoth at aei.ca
Sun Jul 20 14:22:19 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 20/07/08 05:44 AM, Andreas Ericsson wrote:
> Hendrik BŠäcker wrote:
>> I could imagine of a getopt optione like "--yes-run-as-root" without a
>> shortcut like "-r" for it. If the user has to type this into his command
>> definition he should know that he is doing.
>>
> 
> Except that that means possibly-suid plugins will have to parse userland
> data before deciding it should drop privileges, and using library calls
> at that, so all the code isn't easily audited.

What about my suggestion of using an environment variable?

See my other reply...

Thomas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIgy376dZ+Kt5BchYRAmGmAKCd5Y4Yuv2gQ38fnaQj0RaccgHlZgCfdEg9
txycHSFd2di1M81lnoPi0zg=
=Dyul
-----END PGP SIGNATURE-----




More information about the Devel mailing list