Question on setting up my own check

Marc Powell lists at xodus.org
Thu Oct 21 14:09:01 CEST 2010


On Oct 20, 2010, at 8:34 AM, Trond Hasle Amundsen wrote:

>> Beyond just good programming practice, always use full paths to external programs within your scripts. $PATH may not be what you expect it to be, especially when being run by the nagios daemon which has a more restrictive environment.
>> 
>> # (paths may be different on your system)
>> used=`/usr/bin/sudo /usr/bin/rsh $1 /bin/df -v | /bin/grep starlite | /usr/bin/head -1 | /usr/bin/awk '{print $4}'`
> 
> Or... set PATH before doing anything else, e.g.
> 
>  #!/bin/bash
>  PATH=/bin:/sbin:/usr/bin:/usr/sbin
>  export PATH
>  [...rest of script...]
> 
> This will enhance readability wrt. using full paths everywhere.

A good start, for sure, but I'm a bit more paranoid than that from experience. If $badguy manages to create /bin/sudo -> /tmp/fakesudo, his will be run due to path order and you've just facilitated providing your password to him or doing other nasty stuff, potentially as root.

--
Marc
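
Added example, not part of the original message or of any Nagios plugin: a POSIX sh check that walks a PATH list in order and reports when the first hit for a command differs from the absolute path the script expects, which is the /bin/sudo versus /usr/bin/sudo case described above. The function names and the sandbox layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare what PATH lookup returns with the absolute path a
# plugin expects. Function names are hypothetical, not from the thread.

# Print the first executable called $1 in the colon-separated list $2,
# walking directories in order as the shell does. Runs in a subshell so the
# IFS and globbing changes do not leak into the caller.
first_in_path() (
    IFS=:
    set -f
    for dir in $2; do
        [ -n "$dir" ] || dir=.          # empty entry means current directory
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then   # -f follows symlinks
            printf '%s\n' "$dir/$1"
            exit 0
        fi
    done
    exit 1
)

# Return 0 if looking up $1 in PATH list $3 lands on expected path $2,
# 1 if an earlier directory shadows it, 2 if it is not found at all.
check_pinned() {
    found=$(first_in_path "$1" "$3") || { echo "MISSING  $1"; return 2; }
    if [ "$found" = "$2" ]; then
        echo "OK       $1 -> $found"
    else
        echo "SHADOWED $1: PATH gives $found, expected $2"
        return 1
    fi
}

# Constructed sandbox standing in for /bin, /usr/bin and /tmp; nothing on
# the real system is read or changed.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/usr/bin" "$root/tmp"
    printf '#!/bin/sh\n' > "$root/usr/bin/sudo"
    printf '#!/bin/sh\n' > "$root/tmp/fakesudo"
    chmod +x "$root/usr/bin/sudo" "$root/tmp/fakesudo"
    search="$root/bin:$root/usr/bin"    # same order as PATH=/bin:...:/usr/bin
    check_pinned sudo "$root/usr/bin/sudo" "$search" || true
    ln -s "$root/tmp/fakesudo" "$root/bin/sudo"   # the case from the message
    check_pinned sudo "$root/usr/bin/sudo" "$search" || true
    rm -rf "$root"
}

demo
```

The comparison is by string, so on systems where /bin is itself a symlink to /usr/bin, pass the /bin/... form as the expected path.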