Security Concerns about the nsca daemon

Marc Haber mh+nagios-devel at zugschlus.de
Tue Feb 21 17:42:28 CET 2006


On Tue, Feb 21, 2006 at 05:35:53PM +0100, Andreas Ericsson wrote:
> Marc Haber wrote:
> >On Tue, Feb 21, 2006 at 03:34:22PM +0100, Andreas Ericsson wrote:
> >
> >>Marc Haber wrote:
> >>
> >>>The directory to chroot to should be configurable at compile time to
> >>>help FHS-compliant distributions. On Debian, the directory to use
> >>>would be /var/run/nsca, by example of sshd.
> >>>
> >>
> >>At run-time, I'd say.
> >
> >
> >Even better, one would have to worry about input processing though.
> >
> 
> Not sure I follow you there.

A compile-time setting will end up in a #define, so one can assume
that whatever is there isn't maliciously set. For a run-time setting,
one must verify that the parameter is actually a valid path name, that
no wildcard or relative path stunts are pulled, and one needs to go
through the hassle of string handling in C, which is always a source
for buffer overflow errors, which will have bad consequences at the
time of option parsing since we are not yet chrooted and still hold
root privileges at that point.

> >>>As sean has already said, this breaks as soon as the nagios daemon
> >>>re-creates the named pipe for some reason.
> >>
> >>True. That means setting the jail-dir at compile-time goes out the 
> >>window though. It would be better to grok the jail from the nagios 
> >>config file.
> >
> >That, however, rules out the possible simplest implementation of
> >allowing multiple command_file directives in nagios.cfg since nsca
> >won't be able to grok its chroot location from there.
> 
> But if we do this there's no need to support multiple command_file 
> directives. It's the cleanest solution.

Having multiple command_file directives is desirable, IMO, since one
could then run multiple instances of programs that can deliver
external commands (web, wap, nsca, e-mail, irc etc) to nagios, all of
them potentially chrooted. It's like adapting nagios for a general
thing, not just for nsca.

otoh, all of these interfaces could lead to send_nsca being called,
which would reduce the number of nagios interfaces to one: nsca.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
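
The run-time checks listed in the message above (valid absolute path, no wildcard or relative path tricks, bounded string handling before chroot), sketched as an added example that is not part of the original message and not nsca code. The function names and the policy of requiring a root-owned, non-group/world-writable directory are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Syntax-only check of a run-time jail path; touches no files.
 * Returns 0 and copies the path into out[outlen] if acceptable, else -1. */
int jail_path_syntax_ok(const char *arg, char *out, size_t outlen)
{
    const char *p;
    size_t len = (arg != NULL) ? strlen(arg) : 0;

    if (out == NULL || len == 0 || len >= PATH_MAX || len >= outlen)
        return -1;                  /* missing, empty, too long, or would not fit */
    if (arg[0] != '/')
        return -1;                  /* relative path */
    if (strpbrk(arg, "*?[]{}~$") != NULL)
        return -1;                  /* wildcard or expansion characters */
    for (p = arg; (p = strstr(p, "..")) != NULL; p += 2)
        if (p[-1] == '/' && (p[2] == '/' || p[2] == '\0'))
            return -1;              /* ".." path component */
    memcpy(out, arg, len + 1);      /* bounded: len < outlen was checked above */
    return 0;
}

/* Full check: syntax, then the directory itself. lstat() does not follow a
 * symlink in the final component; parent directories are not inspected. */
int validate_jail_dir(const char *arg, char *out, size_t outlen)
{
    struct stat st;
    if (jail_path_syntax_ok(arg, out, outlen) != 0)
        return -1;
    if (lstat(out, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;                  /* missing, symlink, or not a directory */
    if (st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return -1;                  /* assumed policy: root-owned, not writable by others */
    return 0;
}

int main(int argc, char **argv)
{
    char jail[PATH_MAX];            /* fixed buffer, filled only after the checks */
    if (argc != 2 || validate_jail_dir(argv[1], jail, sizeof jail) != 0) {
        fputs("refusing jail directory\n", stderr);
        return 1;
    }
    printf("jail directory accepted: %s\n", jail);
    return 0;
}
```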

