Security Concerns about the nsca daemon
sean finney
seanius at seanius.net
Tue Feb 21 21:49:47 CET 2006
On Tue, Feb 21, 2006 at 04:46:10PM +0100, Marc Haber wrote:
> > At run-time, I'd say.
>
> Even better, one would have to worry about input processing though.
i think this isn't a big concern... if you look at the
global_command_prefix dpatch[1] (which has been forwarded
to ethan, and i believe committed), you can see that adding
another config file option is basically as simple as adding
another else if(strncmp(...)) do_something.
furthermore, i would strongly advise against hard-coding the location
with #ifdef's. currently in debian the command file for nagios 1.x and
nagios 2.x resides in different directories[2]. if we hard coded the
chroot dir, we could either (a) only support one version of nagios
with this feature or (b) have to provide two seperate binaries
for only this purpose.
sean
[1] dpatch is a popular system for tracking debian-specific patches to
upstream source.
[2] perhaps they should be in the same dir, but it does show the lack of
flexibility provided by this route.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20060221/ee127907/attachment.sig>
More information about the Developers
mailing list