[Nagiosplug-devel] Antwort: Security discussion - don't run as root plugins

[Matthias Eble]

Hi all,

On Mon, 2008-07-21 at 11:05 +0200, Andreas Ericsson wrote:
> To prevent user-errors while debugging, I could imagine doing something
> like this (obviously with a more informative message):
> 
> end_of_real_output:
>     if (!geteuid() && isatty(fileno(stdout))
>         printf(stderr, "Don't debug plugins as root.\n");

this is exactly what I wanted to propose while reading this thread.

Dropping privileges to which id ever determined by an argument, env-var
or whatever isn't worth the effort if you ask me. Under normal
circumstances the plugins (except the plugins-root/ ones) are run with
an unprivileged uid. If not, one has to assume the user knows what
he/she is doing. Thus no one should be hindered to do so, as this might
be necessary or sensible in some cases. 

I definitely hate the problem reports made by uid-0-testers. So
attaching a note to stderr is a good way to inform interactive users
that they might do something wrong.

I could also image adding such a text to the last line of plugin stdout.
With that, the warning is also shown in the UI (v3) or silently ignored
(v2). A configure option could also be added to prevent writing the
warning to stdout.

Matthias




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://www.monitoring-plugins.org/archive/devel/attachments/20080723/3c3a9c49/attachment.sig>