[email protected] wrote:
> In message ,
> Joerg Linge writes:
>
>> Am Freitag, 29. Dezember 2006 18:36 schrieb [email protected]:
>>> Hi all:
>> [...]
>>> It also mentions that custom object vars are available as
>>> environmental variables. Is there a way to turn that off? I.E. if the
>>> variable was a password you don't want that being passed in the
>>> environment where it is viewable by everybody.
>> The ENV Vars are only available for new processes forked by the Nagios Daemon.
>> So the vars are not available for everybody.
>
> Using ps I can dump the environment of any/all processes by default
> under linux (ps -auxew for example), so unless you are running a
> security enhanced linux that restricts that, any user on the system
> can see the environment including passwords.
>
> -- rouilj
> John Rouillard
Hmmm... I hadn't thought about this issue. There's really not an
easy/efficient way to prevent just a few custom vars from being added as
environment vars. Perhaps a different naming convention for some custom
vars?
Ethan Galstad,
Nagios Developer
---
Email: [email protected]
Website: http://www.nagios.org
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]