[Nagiosplug-devel] Security discussion - don't run as root plugins

Andreas Ericsson ae at op5.se
Mon Jul 21 09:46:40 CEST 2008


Thomas Guyot-Sionnest wrote:
>
> One more though about it... I talked about a switch so far, but I think
> it could be a better idea to make it an environment variable, so we
> could drop root even before parsing arguments. Bugs in argument
> processing could become a security issue if untrusted users has the
> possibility to specify/alter arguments. While I'm aware there are many
> other security implication regarding this, it's not a reason not to do
> our best on the part we control.
> 

The user controls the environment as well, so the net gain is zero.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231




More information about the Devel mailing list