Marc Haber wrote:
> On Tue, Feb 21, 2006 at 05:35:53PM +0100, Andreas Ericsson wrote:
>
>>Marc Haber wrote:
>>
>>>On Tue, Feb 21, 2006 at 03:34:22PM +0100, Andreas Ericsson wrote:
>>>
>>>
>>>>Marc Haber wrote:
>>>>
>>>>
>>>>>The directory to chroot to should be configurable at compile time to
>>>>>help FHS-compliant distributions. On Debian, the directory to use
>>>>>would be /var/run/nsca, by example of sshd.
>>>>>
>>>>
>>>>At run-time, I'd say.
>>>
>>>
>>>Even better, one would have to worry about input processing though.
>>>
>>
>>Not sure I follow you there.
>
>
> A compile-time setting will end up in a #define, so one can assume
> that whatever is there isn't maliciously set. For a run-time setting,
> one must verify that the parameter is acutally a valid path name, that
> no wildcard or relative path stunts are pulled, and one needs to go
> through the hassle of string handling in C, which is always a source
> for buffer overflow errors, which will have bad consequences at the
> time of option parsing since we are not yet chrooted and still hold
> root privileges at that point.
>
No we don't. All we need to do is
path = slurp_path(nagios_config_file);
if (chdir(path)
>>>>>As sean has already said, this breaks as soon as the nagios daemon
>>>>>re-creates the named pipe for some reason.
>>>>
>>>>True. That means setting the jail-dir at compile-time goes out the
>>>>window though. It would be better to grok the jail from the nagios
>>>>config file.
>>>
>>>That, however, rules out the possible simplest implementation of
>>>allowing multiple command_file directives in nagios.cfg since nsca
>>>won't be able to grok its chroot location from there.
>>
>>But if we do this there's no need to support multiple command_file
>>directives. It's the cleanest solution.
>
>
> Having multiple command_file directives is desireable, IMO, since one
> could then run multiple instances of programs that can deliver
> external commands (web, wap, nsca, e-mail, irc etc) to nagios, all of
> them potentially chrooted. It's like adapting nagios for a general
> thing, not just for nsca.
>
Nothing prevents multiple daemons running in the same chroot() jail. The
jail is still as secure as it would be if just one daemon was running
inside it.
> otoh, all of these interfaces could lead to send_nsca being called,
> which would reduce the number of nagios interfaces to one: nsca.
>
Now I don't follow you again. Do you mean to call send_nsca from the
same host nsca is running on? That doesn't really make sense, since
programs calling send_nsca either must reside in a fully featured chroot
jail (i.e., one with a linker, libraries, /proc filesystem and whatnot)
or have send_nsca statically linked.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]