[Nagiosplug-devel] Security discussion - don't run as root plugins
Andreas Ericsson
ae at op5.se
Mon Jul 21 09:46:40 CEST 2008
Thomas Guyot-Sionnest wrote:
>
> One more though about it... I talked about a switch so far, but I think
> it could be a better idea to make it an environment variable, so we
> could drop root even before parsing arguments. Bugs in argument
> processing could become a security issue if untrusted users has the
> possibility to specify/alter arguments. While I'm aware there are many
> other security implication regarding this, it's not a reason not to do
> our best on the part we control.
>
The user controls the environment as well, so the net gain is zero.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
More information about the Devel
mailing list