[Nagiosplug-devel] [ nagiosplug-Bugs-1291126 ] Alternate ps for Solaris
SourceForge.net
noreply at sourceforge.net
Wed Nov 2 01:06:34 CET 2005
Bugs item #1291126, was opened at 2005-09-14 12:04
Message generated for change (Comment added) made by seanius
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1291126&group_id=29880
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: General plugin execution
Group: CVS
>Status: Pending
Resolution: None
Priority: 5
Submitted By: Bob Ingraham (rwingraham)
Assigned to: M. Sean Finney (seanius)
Summary: Alternate ps for Solaris
Initial Comment:
Per Sean, I am uploading the source for an alternate ps
utility for Solaris that will work with the existing
check_procs plugin.
This alternate ps gets around the 80-character limitation
inherent in the native ps for Solaris.
It has been extensively testing on our corporate Solaris
farm.
Notes:
1. I've installed this alternate ps (called pst3) in the
libexec directory, along with the other plugins.
2. It needs setuid-root permissions to run, but accepts
no arguments and reads no input streams and therefore
isn't subject to exploitations such as buffer overflow and
the like. The only reason is needs the setuid-root
permission is so that it can open the running kernel
image, in READ-ONLY mode, in order to access the
process argument vectors.
3. It requires a patch to the configuration file which
substitutes this alternate utility instead of ps for Soalris
systems.
Bob
----------------------------------------------------------------------
>Comment By: M. Sean Finney (seanius)
Date: 2005-11-02 04:05
Message:
Logged In: YES
user_id=226838
haven't heard back from ya, and haven't heard any
complaints, so i'm going to set this one to "pending" and
close it at the next release
----------------------------------------------------------------------
Comment By: M. Sean Finney (seanius)
Date: 2005-10-07 13:50
Message:
Logged In: YES
user_id=226838
hi bob,
any chance you've taken a look to see if check_procs now works
for you from cvs?
about the other issues, i guess i don't have the interest to
look
more into it if you don't :)
----------------------------------------------------------------------
Comment By: M. Sean Finney (seanius)
Date: 2005-09-25 11:23
Message:
Logged In: YES
user_id=226838
hi bob,
i've now included your code in cvs head, and mangled the
configure
script appropriately, so pst3 should now be the default for
all SunOS systems. could you try the latest copy of what's
in cvs and verify that it works for you? as i previously
stated, i don't have r00t on a solaris machine, unfortunately :(
likewise, to any others who have r00t access on a solaris
bug, i'd appreciate hearing back.
----------------------------------------------------------------------
Comment By: Bob Ingraham (rwingraham)
Date: 2005-09-22 15:20
Message:
Logged In: YES
user_id=1086870
Sean,
To answer your previous posts (sorry for the delay - I've been
slammed at work,):
1. why isn't pPsInfo->pr_pid included in the output?
I designed pst3 to exactly duplicate the output columns
produced by the output produced by the original Solaris ps
command:
/usr/bin/ps -Ao 's uid ppid vsz rss pcpu comm args'
You'll notice that Parent-PID is requested (ppid) but not the
current process PID (pid). According to the source for
check_procs, you can search for children of a parent PID
(hence the ppid,) or you can search for a username/uid
(hence the uid). But apparetnly, the option is not provided to
search for just a PID.
2. You need root access on a Solaris server.
I have a Solaris box I can test you config changes on.
3. Can I drop privileges after opening the kernel image?
I don't know if it will work. That would depend upon whether
the subsequent kvm_* calls also check the effective UID of
the caller or not. Do you still want me to try this?
Bob
----------------------------------------------------------------------
Comment By: M. Sean Finney (seanius)
Date: 2005-09-22 07:40
Message:
Logged In: YES
user_id=226838
slight complication, i'll email the list with details...
----------------------------------------------------------------------
Comment By: M. Sean Finney (seanius)
Date: 2005-09-22 05:32
Message:
Logged In: YES
user_id=226838
btw: why isn't pPsInfo->pr_pid included in the output?
----------------------------------------------------------------------
Comment By: M. Sean Finney (seanius)
Date: 2005-09-22 05:16
Message:
Logged In: YES
user_id=226838
hi bob, ton,
i just finished looking over the script, and it looks good.
unfortunately i no longer have root access to a solaris
server, so i can't install the plugin setuid root. i can
still throw together everything else (the configure patch,
etc), but the final test will need to be conducted by
someone else.
----------------------------------------------------------------------
Comment By: Ton Voon (tonvoon)
Date: 2005-09-21 06:14
Message:
Logged In: YES
user_id=664364
Sean,
plugins-root/ is created now. This would be the best place to put pst3.
Ton
----------------------------------------------------------------------
Comment By: Ton Voon (tonvoon)
Date: 2005-09-20 03:55
Message:
Logged In: YES
user_id=664364
Sean,
I have no problem with setuid scripts since we already have check_icmp
and check_dhcp, but they don't install as root at the moment (it is
manually done). I am trying to separate setuid scripts out to plugins-
root/ so then the installer can be configured to install with the correct
permissions, but haven't fully tested my local copy yet. Give me another
day to sort this out.
Ton
----------------------------------------------------------------------
Comment By: M. Sean Finney (seanius)
Date: 2005-09-19 11:27
Message:
Logged In: YES
user_id=226838
hi bob,
thanks for this, i've just taken a look over it. if this
program has to run setuid root to open the kmem structure,
would it be possible to drop priviliges immediately after
having done so?
ton: what are your thoughts about dropping this utility in
the libexec dir? i could throw together a pretty quick
configure patch to decide whether or not the ps utility was
needed. not sure how we're handling the other setuid
programs, but i could follow suit with whatever we're doing
for the others
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=1291126&group_id=29880
More information about the Devel
mailing list