[Nagiosplug-devel] [Nagiosplug-help] SSH Plugins

Thomas Guyot-Sionnest dermoth at aei.ca
Wed Jun 23 17:29:00 CEST 2010

Previous message: [Nagiosplug-devel] [Nagiosplug-help] SSH Plugins
Next message: [Nagiosplug-devel] Hello, can someone help me...
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10-06-18 03:55 AM, Andreas Ericsson wrote:
> On 06/18/2010 09:47 AM, Ton Voon wrote:
>>
>>
>> I set to C, to ensure that the output is not localised from the other
>> end. But that wouldn't work in different locales if you wanted to
>> capture 3rd party error messages in other languages. So it probably
>> should be a plugin writer's decision whether to set LC_ALL=C.
>>
>> As to the whole environment, I can't recall why it is wiped. I can see
>> that PATH could have been altered which maybe a security risk, but
>> that seems like a bad excuse, especially if your system requires
>> different PATHs to be set to get to some binaries (*cough*, Solaris).
>>
> 
> It was wiped in the old popen() based implementation. I retained that
> behaviour when I wrote the runcmd() wrapper thing, and noone seems to
> have gotten around to reverting that change. I think setting LC_ALL=C
> explicitly and retaining the rest of the environment would be a far
> better solution, although that environment should almost certainly be
> passed in from the caller rather than automangled at the lowest level.
> That way, we can simply use the incredibly portable
> 
>   int main(int argc, char **argv, char **env);
> 
> declaration of 'main'. I have no idea if 'extern char *environ;' is
> around on all systems where we'd like to support plugin execution,
> but the declaration style above works even on VMS and Ultrix, so it's
> safe to assume it will work everywhere.

There might be other issues to be careful about with **env... See:
https://www.securecoding.cert.org/confluence/display/seccode/ENV31-C.+Do+not+rely+on+an+environment+pointer+following+an+operation+that+may+invalidate+it

I would tend to just use **environ where available and fall back to the
current behaviour otherwise... It also seems that we can get portable
setenv and **environ with gnulib. With the appropriate modules ingluded,
I could just use setenv to add LC_ALL and then use **environ which will
have my added variable.

- -- 
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwiKDYACgkQ6dZ+Kt5BchZpjQCcD848o7r2uGF4uBug7PkgUfhe
6FcAoLJ1e9742HJVq/klBGraccilsn5j
=CG7V
-----END PGP SIGNATURE-----

Previous message: [Nagiosplug-devel] [Nagiosplug-help] SSH Plugins
Next message: [Nagiosplug-devel] Hello, can someone help me...
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Devel mailing list