[Nagiosplug-devel] [ nagiosplug-Bugs-1381604 ] Perlsec breaks any perl plugin with perl 5.8.x
SourceForge.net
noreply at sourceforge.net
Thu Dec 15 05:19:07 CET 2005
Bugs item #1381604, was opened at 2005-12-15 13:18
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1381604&group_id=29880
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: CVS
Status: Open
Resolution: None
Priority: 5
Submitted By: radm (hvenzke)
Assigned to: Nobody/Anonymous (nobody)
Summary: Perlsec breaks any perl plugin with perl 5.8.x
Initial Comment:
I Nagios Dev team members,
>
> i got an general problem with latest nagios(2.x) and
some perl scripts:
>
> proxy:/tmp/1/opt/nagios/plugins # ./check_rpc -H
127.0.0.1 -C portmapper OK: RPC
program portmapper version 2 udp running
> proxy:/tmp/1/opt/nagios/plugins # cp -p ./check_rpc
/opt/nagios/plugins/check_rpc_new
> proxy:/tmp/1/opt/nagios/plugins #
/opt/nagios/plugins/check_rpc_new -H 127.0.0.1 -C
portmapper
> OK: RPC program portmapper version 2 udp running
> proxy:/tmp/1/opt/nagios/plugins # su - nagios
> nagios at proxy:~> /opt/nagios/plugins/check_rpc_new -H
127.0.0.1 -C portmapper
> Insecure dependency in piped open while running
setuid at /opt/nagios/plugins/check_rpc_new line 309.
> nagios at proxy:~> perl -v
>
> This is perl, v5.8.7 built for i586-linux-thread-multi
>
> Copyright 1987-2005, Larry Wall
>
> Perl may be copied only under the terms of either the
Artistic License or the
> GNU General Public License, which may be found in the
Perl 5 source kit.
>
> Complete documentation for Perl, including FAQ lists,
should be found on
> this system using `man perl' or `perldoc perl'. If
you have access to the
> Internet, point your browser at http://www.perl.org/,
the Perl Home Page.
>
> nagios at proxy:~>
> nagios at proxy:~> cat /etc/SuSE-release
> SUSE LINUX 10.0 (i586)
> VERSION = 10.0
> nagios at proxy:~> uname -a
> Linux proxy 2.6.13-15-default #1 Tue Sep 13 14:56:15
UTC 2005 i686 i686 i386 GNU/Linux
> nagios at proxy:~>
>
> Same gotten with some other perl check like check_disk.
>
> seems perl thing got broken again..
>
> Kind regards ,
>
> Horst Venzke
>
After found time again for testings...
Perl doc
http://www.perl.com/doc/manual/html/pod/perlsec.html#Switches_On_the_Line
Give us the posibly to get off the above , without
mutch code changes now..., all what has to be addes
been the -U switch and remove any -w /-W
In example :
instread using
#!/usr/bin/perl -w
use
#!/usr/bin/perl -U
So this been valid for ALL perl plugins on any distro.
Tested on suse, redhat , debian , Sun solaris, aix ...
with nagios- plug 1.4.2 and also with older ...
And the reason was that perl´s securuity levels raised
up in general with 5.8.x
Ethan / Ton /../.. Request For Common :
In some Nagios / nagios-plugin coding styles this
perlsec problem shuold mentioned to get OFF this in
general... needs some wiork on all perl things
Kind regards
Horst Venzke
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1381604&group_id=29880
More information about the Devel
mailing list