security & suid/sudo plugins

Thomas Sluyter nagios at kilala.nl
Thu Aug 31 16:43:21 CEST 2006


On 31 Aug, 2006, at 16:34, Hari Sekhon wrote:

>> I have a difficult customer who won't sign off changes based on  
>> the security risk using suid plugins, for example, check_logfiles.  
>> What does one do about this situation?
>>
>
> use sudo, that's what it's for.
>

And then -don't- use sudo to run the script, but use sudo to run the  
actual command that's needed to read the logfile. Possibly even  
defining the actual arguments that will be given to the command. It's  
a bitch when it comes to upkeep, but it is the safest way of going  
about this...

Using a suid script is asking for trouble... Anyone could change the  
script to read "rm -rf /*"

Cheers!


Thomas
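A sketch of the setup described in the message above, added here as an example and not part of the original post: the plugin stays an ordinary non-suid script, and sudo is allowed to run only one fixed read command with fixed arguments. The `nagios` account, `/usr/bin/tail`, `/var/log/messages`, the search pattern and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). Account name, paths and
# pattern below are assumptions; adjust them to the monitored host.
#
# sudoers entry (edit with visudo). Because the arguments are spelled out,
# sudo accepts only this exact command line and nothing else from nagios:
#   nagios ALL=(root) NOPASSWD: /usr/bin/tail -n 500 /var/log/messages
#
# This script itself carries no suid bit and needs no sudo rule of its own.

PATTERN='error|panic'   # assumed pattern, extended regex, case-insensitive

# The single privileged step: must match the sudoers entry exactly.
# -n makes sudo fail instead of prompting when the rule is missing.
read_log() {
    sudo -n /usr/bin/tail -n 500 /var/log/messages
}

# Everything else runs unprivileged and maps the result to Nagios
# exit codes: 0 OK, 2 CRITICAL, 3 UNKNOWN.
check_log() {
    if ! lines=$(read_log 2>/dev/null); then
        echo "UNKNOWN: could not read log (sudoers rule missing or changed?)"
        return 3
    fi
    # grep -c exits 1 on zero matches but still prints 0, hence "|| true"
    hits=$(printf '%s\n' "$lines" | grep -Eic -- "$PATTERN" || true)
    if [ "$hits" -gt 0 ]; then
        echo "CRITICAL: $hits matching line(s) in log"
        return 2
    fi
    echo "OK: no matching lines in log"
    return 0
}

# Act as a plugin only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    check_log
    exit $?
fi
```

Changing the line count, the log path or the command means changing the sudoers entry too, which is the upkeep cost the message mentions.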


