check-ping

Jay R. Ashworth jra at baylink.com
Tue Jul 15 16:15:19 CEST 2008


On Tue, Jul 15, 2008 at 10:51:37AM +0200, Andreas Ericsson wrote:
[ me: ]
> >I've left Jeff's quote in so you can see, Andreas, that you misread
> >him.  He didn't say "SUID root".  He said sudo -- he plans to set the
> >nagios Linux user up so it can sudo to run ping as root.
> 
> Ah, right. Having had some driver issues for my laptop lately, I foolishly
> joined the linux-kernel mailing list. A payload of 1000 non-spam emails
> is now hitting my inbox on a daily basis, causing me to only half-read
> pretty much everything.

My condolences.  :-)

> >Seems sensible to me.
> 
> Still, I'm not convinced. sudo is a different can of worms entirely,
> and not nearly as secure as many people seem to think. Although the
> attack vector is strictly local, it's large enough to be a greater
> worry to me than running a small, much-audited program suid root.

Ok; that's reasonable.

Cheers,
-- jra
-- 
Jay R. Ashworth                   Baylink                      jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Josef Stalin)

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list