[Nagiosplug-devel] check_ping and check_icmp confusion
sean finney
seanius at seanius.net
Thu Feb 23 00:08:02 CET 2006
just to chime in here on the ping vs icmp topic,
i think it's high time that we drop check_ping as the official
pinging program and choose check_icmp as the default. to allay
the security concerns of another installed setuid binary, my
suggestion is we do what andreas has suggested and install
it as root:nagios/4710. this way it's only able to be run
by other members of the nagios group.
as andreas pointed out, it drops it's root privileges immediately
as well, so it's not really cause for much concern anyway. i'd
also support your idea to chroot, but i'd suggest to make it
non-default behaviour and configurable as a cmdline option. that
would prvent the bogus support-inducing error messages, but would
give software packagers like myself (who know somewhere the plugin
could chroot itself on a debian system) the ability to introduce
this easily as part of a default installation.
personally, i'd prefer to completely purge check_ping, and make
it a symlink pointing to check_icmp. perhaps this would require
some extra code if the cmline options aren't compatible, but
it would make our code base a whole lot cleaner.
sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://nagios-plugins.org/archive/devel/attachments/20060223/8f64dd0b/attachment.sig>
More information about the Devel
mailing list