[Nagiosplug-devel] Security discussion - don't run as root plugins
Thomas Guyot-Sionnest
dermoth at aei.ca
Sun Jul 20 14:22:19 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 20/07/08 05:44 AM, Andreas Ericsson wrote:
> Hendrik Bäcker wrote:
>> I could imagine of a getopt optione like "--yes-run-as-root" without a
>> shortcut like "-r" for it. If the user has to type this into his command
>> definition he should know that he is doing.
>>
>
> Except that that means possibly-suid plugins will have to parse userland
> data before deciding it should drop privileges, and using library calls
> at that, so all the code isn't easily audited.
What about my suggestion of using an environment variable?
See my other reply...
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIgy376dZ+Kt5BchYRAmGmAKCd5Y4Yuv2gQ38fnaQj0RaccgHlZgCfdEg9
txycHSFd2di1M81lnoPi0zg=
=Dyul
-----END PGP SIGNATURE-----
More information about the Devel
mailing list