diff options
author | Jan Wagner <waja@cyconet.org> | 2014-07-06 12:58:04 +0200 |
---|---|---|
committer | Jan Wagner <waja@cyconet.org> | 2014-07-06 13:29:24 +0200 |
commit | ba21e26443385dd283d08e0419ff6ff25fedd0e8 (patch) | |
tree | f4b531a4b6a39bfc195c23c23fd80d7fbae176cd | |
parent | 1a0467f672ae7a3cb8ecf35e9cbedc0cb4c6124e (diff) | |
download | monitoring-plugins-ba21e26443385dd283d08e0419ff6ff25fedd0e8.tar.gz |
check_icmp/check_dhcp: disable check, if we are root
As it is possible to use capabilities(7) on linux or solaris
privileges for example, it is not necessary in all cases to
have those binaries making use of setuid.
-rw-r--r-- | lib/utils_base.c | 13 | ||||
-rw-r--r-- | lib/utils_base.h | 3 | ||||
-rw-r--r-- | plugins-root/check_dhcp.c | 3 | ||||
-rw-r--r-- | plugins-root/check_icmp.c | 3 |
4 files changed, 0 insertions, 22 deletions
diff --git a/lib/utils_base.c b/lib/utils_base.c index 55d35fdd..addf26bd 100644 --- a/lib/utils_base.c +++ b/lib/utils_base.c | |||
@@ -300,19 +300,6 @@ char *np_escaped_string (const char *string) { | |||
300 | 300 | ||
301 | int np_check_if_root(void) { return (geteuid() == 0); } | 301 | int np_check_if_root(void) { return (geteuid() == 0); } |
302 | 302 | ||
303 | int np_warn_if_not_root(void) { | ||
304 | int status = np_check_if_root(); | ||
305 | if(!status) { | ||
306 | printf(_("Warning: ")); | ||
307 | printf(_("This plugin must be either run as root or setuid root.\n")); | ||
308 | printf(_("To run as root, you can use a tool like sudo.\n")); | ||
309 | printf(_("To set the setuid permissions, use the command:\n")); | ||
310 | /* XXX could we use something like progname? */ | ||
311 | printf("\tchmod u+s yourpluginfile\n"); | ||
312 | } | ||
313 | return status; | ||
314 | } | ||
315 | |||
316 | /* | 303 | /* |
317 | * Extract the value from key/value pairs, or return NULL. The value returned | 304 | * Extract the value from key/value pairs, or return NULL. The value returned |
318 | * can be free()ed. | 305 | * can be free()ed. |
diff --git a/lib/utils_base.h b/lib/utils_base.h index d69b0da1..42ae0c09 100644 --- a/lib/utils_base.h +++ b/lib/utils_base.h | |||
@@ -75,9 +75,6 @@ void die (int, const char *, ...) __attribute__((noreturn,format(printf, 2, 3))) | |||
75 | /* a simple check to see if we're running as root. | 75 | /* a simple check to see if we're running as root. |
76 | * returns zero on failure, nonzero on success */ | 76 | * returns zero on failure, nonzero on success */ |
77 | int np_check_if_root(void); | 77 | int np_check_if_root(void); |
78 | /* and a helpful wrapper around that. it returns the same status | ||
79 | * code from the above function, in case it's helpful for testing */ | ||
80 | int np_warn_if_not_root(void); | ||
81 | 78 | ||
82 | /* mp_suid() returns true if the real and effective uids differs, such as when | 79 | /* mp_suid() returns true if the real and effective uids differs, such as when |
83 | * running a suid plugin */ | 80 | * running a suid plugin */ |
diff --git a/plugins-root/check_dhcp.c b/plugins-root/check_dhcp.c index b69a10da..b874c555 100644 --- a/plugins-root/check_dhcp.c +++ b/plugins-root/check_dhcp.c | |||
@@ -270,9 +270,6 @@ int main(int argc, char **argv){ | |||
270 | usage4 (_("Could not parse arguments")); | 270 | usage4 (_("Could not parse arguments")); |
271 | } | 271 | } |
272 | 272 | ||
273 | /* this plugin almost certainly needs root permissions. */ | ||
274 | np_warn_if_not_root(); | ||
275 | |||
276 | /* create socket for DHCP communications */ | 273 | /* create socket for DHCP communications */ |
277 | dhcp_socket=create_dhcp_socket(); | 274 | dhcp_socket=create_dhcp_socket(); |
278 | 275 | ||
diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c index 4b4197d8..8b563e40 100644 --- a/plugins-root/check_icmp.c +++ b/plugins-root/check_icmp.c | |||
@@ -383,9 +383,6 @@ main(int argc, char **argv) | |||
383 | bindtextdomain (PACKAGE, LOCALEDIR); | 383 | bindtextdomain (PACKAGE, LOCALEDIR); |
384 | textdomain (PACKAGE); | 384 | textdomain (PACKAGE); |
385 | 385 | ||
386 | /* print a helpful error message if geteuid != 0 */ | ||
387 | np_warn_if_not_root(); | ||
388 | |||
389 | /* we only need to be setsuid when we get the sockets, so do | 386 | /* we only need to be setsuid when we get the sockets, so do |
390 | * that before pointer magic (esp. on network data) */ | 387 | * that before pointer magic (esp. on network data) */ |
391 | icmp_sockerrno = udp_sockerrno = tcp_sockerrno = sockets = 0; | 388 | icmp_sockerrno = udp_sockerrno = tcp_sockerrno = sockets = 0; |