Re: [Nagios-devel] nrpe, arguments and security
Posted: Tue Nov 30, 2004 7:50 am
On Tue, 30 Nov 2004, Andreas Ericsson wrote:
> > +#define ALLOWED_ARGUMENT_CHARS " !abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
> >
>
> ! is not currently in the safe-by-default list, as it is treated
> different depending on where your /bin/sh points to. ,.% are, though.
But ! will never reach the shell, since it's just the internal argument
separator.
>I've already implemented whitelist argument chars in current NRPE (which
>isn't publicly available, since I haven't gotten the PK authentication
>to work properly). Thanks for participating though.
It would be great if this issue could be resolved as soon as possible. Is
it possible that you can add your "whitelist" implementation separated
from the PK stuff?
--
Peter Åstrand Chief Developer
Cendio www.thinlinc.com
Teknikringen 3 www.cendio.se
583 30 Linköping Phone: +46-13-21 46 00
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
> > +#define ALLOWED_ARGUMENT_CHARS " !abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
> >
>
> ! is not currently in the safe-by-default list, as it is treated
> different depending on where your /bin/sh points to. ,.% are, though.
But ! will never reach the shell, since it's just the internal argument
separator.
>I've already implemented whitelist argument chars in current NRPE (which
>isn't publicly available, since I haven't gotten the PK authentication
>to work properly). Thanks for participating though.
It would be great if this issue could be resolved as soon as possible. Is
it possible that you can add your "whitelist" implementation separated
from the PK stuff?
--
Peter Åstrand Chief Developer
Cendio www.thinlinc.com
Teknikringen 3 www.cendio.se
583 30 Linköping Phone: +46-13-21 46 00
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]