[Nagiosplug-devel] [RFC] Plugins config file

sean finney seanius at seanius.net
Mon Oct 16 19:08:02 CEST 2006


hey andreas,

On Mon, 2006-10-16 at 13:25 +0200, Andreas Ericsson wrote:
> If an attacker has access to your system in a way that lets them list 
> processes of any arbitrary user, I fail to see how you could protect 
> this configuration file in a sane way.

so granted, this is all *mostly* a bunch of theoretical wanking, but the
problem is you need a minimal set of permissions to be able to invoke
ps to grab environment variables/cmdline options, but without some extra
leverage you can't overcome filesystem permissions to read a file
chowned to the nagios user.


	sean
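
The filesystem-permission point in the message above, as an added example that is not part of the original message or of the nagios-plugins code: a plugin can refuse to read credentials from a config file unless that file is a regular file owned by the expected user with no group or other permission bits set. The function name `open_private_config` is hypothetical, and the example assumes the plugin runs as the user that owns the file.

```c
/* Added example: hypothetical helper, not nagios-plugins code. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW and O_CLOEXEC */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Open a credentials file only if it is a regular file owned by
 * expected_uid with no group/other permission bits (0600 or 0400).
 * Returns an open read-only descriptor, or -1 if any check fails. */
int open_private_config(const char *path, uid_t expected_uid)
{
    struct stat st;
    /* O_NOFOLLOW: do not follow a symlink planted at the final component. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the file that was checked
     * is the file that will be read (no check-then-use race). */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||
        st.st_uid != expected_uid ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <config-file>\n", argv[0]);
        return 2;
    }
    int fd = open_private_config(argv[1], geteuid());
    if (fd < 0) {
        fprintf(stderr, "refusing %s: not a private regular file owned by uid %ld\n",
                argv[1], (long)geteuid());
        return 1;
    }
    puts("config file is private to this user");
    close(fd);
    return 0;
}
```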