[Nagiosplug-devel] Security discussion - don't run as root plugins
Andreas Ericsson
ae at op5.se
Sun Jul 20 11:44:06 CEST 2008
Hendrik Bäcker wrote:
> I could imagine of a getopt option like "--yes-run-as-root" without a
> shortcut like "-r" for it. If the user has to type this into his command
> definition he should know what he is doing.
>
Except that that means possibly-suid plugins will have to parse userland
data before deciding it should drop privileges, and using library calls
at that, so all the code isn't easily audited.
I advise against it in the strongest possible terms. If anything, improve
the error messages to read something like:

  "Failed to read /proc/foo/var12: Permission denied
  This plugin requires access to the frotz interface, which it currently
  doesn't have. To grant such access, do
  <insert-recommended-reasonably-secure-way-here>"

That would also serve as a small education to those who aren't aware of
security issues, so it's a win-win-win situation imo.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231