[Nagiosplug-devel] [RFC] Plugins config file
sean finney
seanius at seanius.net
Mon Oct 16 19:08:02 CEST 2006
hey andreas,
On Mon, 2006-10-16 at 13:25 +0200, Andreas Ericsson wrote:
> If an attacker has access to your system in a way that lets them list
> processes of any arbitrary user, I fail to see how you could protect
> this configuration file in a sane way.
so granted, this is all *mostly* a bunch of theoretical wanking, but the
problem is you need a minimal set of permissions to be able to invoke
ps to grab environment variables/cmdline options, but without some extra
leverage you can't overcome filesystem permissions to read a file
chowned to the nagios user.
sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
URL: <http://nagios-plugins.org/archive/devel/attachments/20061016/9d95de77/attachment.sig>
More information about the Devel
mailing list