[Nagiosplug-devel] [RFC] Plugins config file

Jason Martin jhmartin at toger.us
Tue Oct 17 03:52:41 CEST 2006


On Mon, Oct 16, 2006 at 07:08:02PM +0200, sean finney wrote:
> On Mon, 2006-10-16 at 13:25 +0200, Andreas Ericsson wrote:
> > If an attacker has access to your system in a way that lets them list 
> > processes of any arbitrary user, I fail to see how you could protect 
> > this configuration file in a sane way.
Most OS's allow everyone to do a full ps, but this would prevent
legimate users of a given machine from transitively getting
permissions to other hosts they shouldn't have through Nagios.

-Jason Martin
-- 
Ensign Expendable, step on that rock! - Kirk
This message is PGP/MIME signed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 213 bytes
Desc: not available
URL: <https://www.monitoring-plugins.org/archive/devel/attachments/20061016/2750697a/attachment.sig>


More information about the Devel mailing list