coredumps

Andrew Ivanov a.ivanov at e-port.ru
Thu Dec 6 17:07:35 CET 2007


 
Andreas Ericsson wrote:
> 
> That's the entire point right there. It's not supposed to be
> safe. It's supposed to be convenient. I would actually prefer
> if Nagios didn't dump core at all when started as root, because
> the core dump can then contain sensitive information.

Well, that explains a lot.
The 'daemon_dumps_core' option prevents Nagios from dumping cores, doesn't it?
And it's turned off by default.
Honestly, I thought that all I needed to do to dump core was turn this option on.
Core files have rights 600, so neither group nor others can read them.
Together these are good two-level foolproof protection.

Ok, to dump cores one should set the correct homedir for user nagios,
turn 'daemon_dumps_core' on, change the Nagios startup script
to use 'su -' and run Nagios under user nagios. This should be enough,
but it's not very convenient.

We have a security-convenience tradeoff here, and the choice is made
in favour of security.

I would prefer to run Nagios 'for debug' the same way as always,
but just have the possibility to dump core when I want to do that.
If a started-for-production Nagios goes crazy, you can't dump core.
Instead, you have to restart it for-debug and wait for the bug again.
That's not convenient either.

> When it's
> *not* started by root it should probably dump core by default,
> but then your patch doesn't make sense, because one way to
> override where it dumps it is to set the $HOME dir explicitly.
> 
> In other words "a user can't change this setting, so it's safe"
> is *not* the same as "this is a good thing".
> 
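
Added example, not part of the original message and not Nagios code: a C sketch of the policy argued over in this thread, where a daemon_dumps_core-style option raises the core size limit only when the effective user is not root. The function names and the `euid` parameter are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. dumps_core_opt mirrors a daemon_dumps_core-style
 * setting (0 = off). euid is passed in so the decision can be tested
 * without changing identity.
 * Returns 1 if core dumps are allowed, 0 if suppressed, -1 on error. */
int apply_core_policy(int dumps_core_opt, uid_t euid)
{
    struct rlimit lim;

    if (getrlimit(RLIMIT_CORE, &lim) != 0)
        return -1;

    /* Allow only when the option is on AND the process is not root:
     * a root-owned core can hold credentials and other secrets. */
    int allow = dumps_core_opt && euid != 0;

    /* Soft limit 0 suppresses core files; otherwise raise it to the hard
     * limit, which the administrator may still have capped. */
    lim.rlim_cur = allow ? lim.rlim_max : 0;
    if (setrlimit(RLIMIT_CORE, &lim) != 0)
        return -1;
    return allow;
}

/* 1 if the soft core limit is currently zero. */
int core_soft_is_zero(void)
{
    struct rlimit lim;
    return getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0;
}

/* 1 if the soft core limit equals the hard limit. */
int core_soft_equals_hard(void)
{
    struct rlimit lim;
    return getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == lim.rlim_max;
}

int main(void)
{
    int allowed = apply_core_policy(1, geteuid());
    printf("euid=%d core dumps %s\n", (int)geteuid(),
           allowed == 1 ? "allowed" : "suppressed");
    return allowed < 0;
}
```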

