diff options
author | Thomas Guyot-Sionnest <dermoth@users.sourceforge.net> | 2008-05-20 07:57:13 +0000 |
---|---|---|
committer | Thomas Guyot-Sionnest <dermoth@users.sourceforge.net> | 2008-05-20 07:57:13 +0000 |
commit | eaf61e51ac6a64e3d879248edd7b10f62e3c6aa3 (patch) | |
tree | e2509d41b6f05911259bb731c27ef718878cfcc0 | |
parent | 7e3fc482ed934105c3f27e39175bf0cff3286db3 (diff) | |
download | monitoring-plugins-eaf61e51ac6a64e3d879248edd7b10f62e3c6aa3.tar.gz |
Clobber password in check_radius process list aguments
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1994 f882894a-f735-0410-b71e-b25c423dba1c
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | plugins/check_radius.c | 14 |
2 files changed, 11 insertions, 5 deletions
@@ -18,7 +18,7 @@ This file documents the major additions and syntax changes between releases. | |||
18 | check_dig can now pass arguments dig by using -A/--dig-arguments (#1874041/#1889453) | 18 | check_dig can now pass arguments dig by using -A/--dig-arguments (#1874041/#1889453) |
19 | check_ntp and check_ntp_peer now show proper jitter/stratum thresholds longopts in --help | 19 | check_ntp and check_ntp_peer now show proper jitter/stratum thresholds longopts in --help |
20 | check_dns now allow to repeat -a to match multiple possibly returned address (common with load balancers) | 20 | check_dns now allow to repeat -a to match multiple possibly returned address (common with load balancers) |
21 | check_mysql now try clearing password in processlist just like check_mysql_query | 21 | check_mysql and check_radius now try clearing password in processlist just like check_mysql_query |
22 | check_mysql and check_mysql_query now support sockets explicitely (-s, --socket) | 22 | check_mysql and check_mysql_query now support sockets explicitely (-s, --socket) |
23 | negate now has the ability to replace the status text as well (-s, --substitute) | 23 | negate now has the ability to replace the status text as well (-s, --substitute) |
24 | Added performance data to check_ping (Christian Schneemann) | 24 | Added performance data to check_ping (Christian Schneemann) |
diff --git a/plugins/check_radius.c b/plugins/check_radius.c index 7ce820a8..5021a57a 100644 --- a/plugins/check_radius.c +++ b/plugins/check_radius.c | |||
@@ -260,7 +260,13 @@ process_arguments (int argc, char **argv) | |||
260 | username = optarg; | 260 | username = optarg; |
261 | break; | 261 | break; |
262 | case 'p': /* password */ | 262 | case 'p': /* password */ |
263 | password = optarg; | 263 | password = strdup(optarg); |
264 | |||
265 | /* Delete the password from process list */ | ||
266 | while (*optarg != '\0') { | ||
267 | *optarg = 'X'; | ||
268 | optarg++; | ||
269 | } | ||
264 | break; | 270 | break; |
265 | case 'n': /* nas id */ | 271 | case 'n': /* nas id */ |
266 | nasid = optarg; | 272 | nasid = optarg; |
@@ -343,9 +349,9 @@ print_help (void) | |||
343 | printf ("%s\n", _("name and password. A configuration file may also be present. The format of")); | 349 | printf ("%s\n", _("name and password. A configuration file may also be present. The format of")); |
344 | printf ("%s\n", _("the configuration file is described in the radiusclient library sources.")); | 350 | printf ("%s\n", _("the configuration file is described in the radiusclient library sources.")); |
345 | printf ("%s\n", _("The password option presents a substantial security issue because the")); | 351 | printf ("%s\n", _("The password option presents a substantial security issue because the")); |
346 | printf ("%s\n", _("password can be determined by careful watching of the command line in")); | 352 | printf ("%s\n", _("password can possibly be determined by careful watching of the command line")); |
347 | printf ("%s\n", _("a process listing. This risk is exacerbated because nagios will")); | 353 | printf ("%s\n", _("in a process listing. This risk is exacerbated because nagios will")); |
348 | printf ("%s\n", _("run the plugin at regular predictable intervals. Please be sure that")); | 354 | printf ("%s\n", _("run the plugin at regular predictable intervals. Please be sure that")); |
349 | printf ("%s\n", _("the password used does not allow access to sensitive system resources.")); | 355 | printf ("%s\n", _("the password used does not allow access to sensitive system resources.")); |
350 | 356 | ||
351 | #ifdef NP_EXTRA_OPTS | 357 | #ifdef NP_EXTRA_OPTS |