Re: [Nagios-devel] [patch] nsca chroot() support
Posted: Sun Mar 12, 2006 3:05 am
--u3/rZRmxL6MmkK24
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
oh, i forgot one thing:
i couldn't decide whether it made sense to try and chroot in
inetd mode. my inclination is that the corresponding inetd
daemon (xinetd, etc) should provide this functionality, and
that it would probably be impossible to do if inetd was
running the service as another user anyway.
but, i've gone ahead and put in a call to do_chroot in inetd
mode anyway, since it exits with an error if it fails, and
i figure it would be better to fail noisily rather than
silently ignore a security-related configuration option.
in any event the lines that do that are an isolated hunk
in the patch i previously provided, so feel free to remove
them if you think that's better (though in that case the hunk
of patch for nsca.cfg should probably be updated to mention
this too).
sean
--u3/rZRmxL6MmkK24
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEFABfynjLPm522B0RAvCzAJ4noOCoHYqMTsvP9lyoOMt2jtg8pwCcDq3q
jQTgO+GCSaTI9f45N8GTPx8=
=pJn2
-----END PGP SIGNATURE-----
--u3/rZRmxL6MmkK24--
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
oh, i forgot one thing:
i couldn't decide whether it made sense to try and chroot in
inetd mode. my inclination is that the corresponding inetd
daemon (xinetd, etc) should provide this functionality, and
that it would probably be impossible to do if inetd was
running the service as another user anyway.
but, i've gone ahead and put in a call to do_chroot in inetd
mode anyway, since it exits with an error if it fails, and
i figure it would be better to fail noisily rather than
silently ignore a security-related configuration option.
in any event the lines that do that are an isolated hunk
in the patch i previously provided, so feel free to remove
them if you think that's better (though in that case the hunk
of patch for nsca.cfg should probably be updated to mention
this too).
sean
--u3/rZRmxL6MmkK24
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEFABfynjLPm522B0RAvCzAJ4noOCoHYqMTsvP9lyoOMt2jtg8pwCcDq3q
jQTgO+GCSaTI9f45N8GTPx8=
=pJn2
-----END PGP SIGNATURE-----
--u3/rZRmxL6MmkK24--
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]