Security Concerns about the nsca daemon

[Marc Haber]

On Tue, Feb 21, 2006 at 03:34:22PM +0100, Andreas Ericsson wrote:
> Marc Haber wrote:
> >The directory to chroot to should be configurable at compile time to
> >help FHS-compliant distributions. On Debian, the directory to use
> >would be /var/run/nsca, by example of sshd.
> >
> 
> At run-time, I'd say.

Even better, one would have to worry about input processing though.

> >As sean has already said, this breaks as soon as the nagios daemon
> >re-creates the named pipe for some reason.
> 
> True. That means setting the jail-dir at compile-time goes out the 
> window though. It would be better to grok the jail from the nagios 
> config file.

That, however, rules out the possible simplest implementation of
allowing multiple command_file directives in nagios.cfg since nsca
won't be able to grok its chroot location from there.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642