[Nagiosplug-devel] oddity about check_procs plugin and solaris

Andreas Ericsson ae at op5.se
Mon Mar 30 12:53:29 CEST 2009

Previous message: [Nagiosplug-devel] oddity about check_procs plugin and solaris
Next message: [Nagiosplug-devel] oddity about check_procs plugin and solaris
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Philip Brown wrote:
> Andreas Ericsson wrote:
>>> Why is chgeck_procs truncating the prog path like that, when the raw PS 
>>> command is clearly NOT truncating?!
>>>
>> Again, it may not. Copy-paste the code snippets where it truncates the
>> variables and then again where it actually uses the truncated variable.
> 
> it "may not"??
> 

Well, it's not my problem, so I certainly won't waste 30-40 minutes going
through the source-code (which you clearly hadn't). Now you have, and I
happen to have some time to kill.

> i finally looked at the code. It truncates. and its even commented that it 
> truncates.
> 
> 
> "check_procs.c" line 196
> 
>        /* Some ps return full pathname for command. This removes path */
>        strcpy(procprog, base_name(procprog));
> 
> Older versions (1.3.1 specifically ) do not do this truncating.
> 

Sounds like you could get away with just removing that truncation then.

> It is sensible behaviour to check for the full path of an executable.
> Particularly for security reasons, since args can be falsified I believe(?), 

Yes. A program can, on most systems, rename itself to whatever it wants in
the process table (including the path), so as a means of checking for trojans
running on the system, using the full path and then feeling safe because of
that is stupid in the extreme.

> the one and only way to check for full path of an executable, is in that field.
> The field that currently has the information thrown away.
> 

So remove the truncation. I agree that it's rather stupid to on purpose
modify arguments given by the user, and a patch removing such behaviour
would get my support so long as it doesn't break anything else.
Please send the diff as a unified diff file against the latest git head.
I'll review it when it lands. Thanks.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.

Previous message: [Nagiosplug-devel] oddity about check_procs plugin and solaris
Next message: [Nagiosplug-devel] oddity about check_procs plugin and solaris
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Devel mailing list