Re: [Nagios-devel] Security Concerns about the nsca daemon
Posted: Wed Feb 22, 2006 5:42 am
On Wed, Feb 22, 2006 at 02:18:52PM +0100, Andreas Ericsson wrote:
> Marc Haber wrote:
> >On Wed, Feb 22, 2006 at 11:03:51AM +0100, Andreas Ericsson wrote:
> >>
> >>Nothing prevents multiple daemons running in the same chroot() jail. The
> >>jail is still as secure as it would be if just one daemon was running
> >>inside it.
> >
> >That might be the case when the daemon can live with an empty chroot,
> >which is only true if the daemon can chroot itself. As soon as we need
> >external chroot techniques (which might be the case for third-party
> >daemons, not the patched nsca), the chroot needs contents, and then it
> >would be desireable to have one chroot per daemon.
> >
>
> In that case I'd argue setting up /jail with a full environment in it
> and include an empty directory where Nagios will create its command-fifo.
Doesn't scale in cases were multiple jails are needed, and I don't
like the idea of chroot-in-chroot. Mucho ugly.
> >Yes, you're right. So it is desireable to have multiple command_file
> >directives just to make sure.
>
> Writing code "just to make sure" is a good way of wasting time and
> adding code-bloat. When someone needs it, they'll write it. When someone
> else may need it sometime in the future, it stays unwritten.
That's the open source approach "works for me". I prefer to think
ahead, but I am not going to write the code anyway (since I can't), so
the decision stays yours.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
> Marc Haber wrote:
> >On Wed, Feb 22, 2006 at 11:03:51AM +0100, Andreas Ericsson wrote:
> >>
> >>Nothing prevents multiple daemons running in the same chroot() jail. The
> >>jail is still as secure as it would be if just one daemon was running
> >>inside it.
> >
> >That might be the case when the daemon can live with an empty chroot,
> >which is only true if the daemon can chroot itself. As soon as we need
> >external chroot techniques (which might be the case for third-party
> >daemons, not the patched nsca), the chroot needs contents, and then it
> >would be desireable to have one chroot per daemon.
> >
>
> In that case I'd argue setting up /jail with a full environment in it
> and include an empty directory where Nagios will create its command-fifo.
Doesn't scale in cases were multiple jails are needed, and I don't
like the idea of chroot-in-chroot. Mucho ugly.
> >Yes, you're right. So it is desireable to have multiple command_file
> >directives just to make sure.
>
> Writing code "just to make sure" is a good way of wasting time and
> adding code-bloat. When someone needs it, they'll write it. When someone
> else may need it sometime in the future, it stays unwritten.
That's the open source approach "works for me". I prefer to think
ahead, but I am not going to write the code anyway (since I can't), so
the decision stays yours.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]