[Nagiosplug-devel] Security discussion - don't run as root plugins

Thomas Guyot-Sionnest dermoth at aei.ca
Mon Jul 21 14:18:04 CEST 2008

Hash: SHA1

On 21/07/08 03:46 AM, Andreas Ericsson wrote:
> Thomas Guyot-Sionnest wrote:
>> One more though about it... I talked about a switch so far, but I think
>> it could be a better idea to make it an environment variable, so we
>> could drop root even before parsing arguments. Bugs in argument
>> processing could become a security issue if untrusted users has the
>> possibility to specify/alter arguments. While I'm aware there are many
>> other security implication regarding this, it's not a reason not to do
>> our best on the part we control.
> The user controls the environment as well, so the net gain is zero.

When you parse arguments you usually parse them all, so you can have
bugs there... By using environment I can simply fetch the pointer to the
string in the environment before going any argument parsing. And you
won't have much to do before dropping privileges.

Overall the security is still enhanced as for this extra code to run the
plugin must be root already (and this will avoid much more code running
as root).

Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the Devel mailing list