authorJan Wagner <waja@cyconet.org>2014-07-06 12:58:04 +0200
committerJan Wagner <waja@cyconet.org>2014-07-06 13:29:24 +0200
commitba21e26443385dd283d08e0419ff6ff25fedd0e8 (patch)
treef4b531a4b6a39bfc195c23c23fd80d7fbae176cd
parent1a0467f672ae7a3cb8ecf35e9cbedc0cb4c6124e (diff)
check_icmp/check_dhcp: disable check, if we are root
Since it is possible to use, for example, capabilities(7) on Linux or privileges on Solaris, it is not necessary in all cases for these binaries to be setuid.
-rw-r--r--lib/utils_base.c13
-rw-r--r--lib/utils_base.h3
-rw-r--r--plugins-root/check_dhcp.c3
-rw-r--r--plugins-root/check_icmp.c3
4 files changed, 0 insertions, 22 deletions
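--- a/lib/utils_base.c
+++ b/lib/utils_base.c
@@ -300,19 +300,6 @@ char *np_escaped_string (const char *string) {
 
 int np_check_if_root(void) { return (geteuid() == 0); }
 
-int np_warn_if_not_root(void) {
- int status = np_check_if_root();
- if(!status) {
- printf(_("Warning: "));
- printf(_("This plugin must be either run as root or setuid root.\n"));
- printf(_("To run as root, you can use a tool like sudo.\n"));
- printf(_("To set the setuid permissions, use the command:\n"));
- /* XXX could we use something like progname? */
- printf("\tchmod u+s yourpluginfile\n");
- }
- return status;
-}
-
 /*
   * Extract the value from key/value pairs, or return NULL. The value returned
   * can be free()ed.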
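--- a/lib/utils_base.h
+++ b/lib/utils_base.h
@@ -75,9 +75,6 @@ void die (int, const char *, ...) __attribute__((noreturn,format(printf, 2, 3)))
 /* a simple check to see if we're running as root.
   * returns zero on failure, nonzero on success */
 int np_check_if_root(void);
-/* and a helpful wrapper around that. it returns the same status
- * code from the above function, in case it's helpful for testing */
-int np_warn_if_not_root(void);
 
 /* mp_suid() returns true if the real and effective uids differs, such as when
   * running a suid plugin */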
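--- a/plugins-root/check_dhcp.c
+++ b/plugins-root/check_dhcp.c
@@ -270,9 +270,6 @@ int main(int argc, char **argv){
  usage4 (_("Could not parse arguments"));
  }
 
- /* this plugin almost certainly needs root permissions. */
- np_warn_if_not_root();
-
  /* create socket for DHCP communications */
  dhcp_socket=create_dhcp_socket();
 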
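--- a/plugins-root/check_icmp.c
+++ b/plugins-root/check_icmp.c
@@ -383,9 +383,6 @@ main(int argc, char **argv)
  bindtextdomain (PACKAGE, LOCALEDIR);
  textdomain (PACKAGE);
 
- /* print a helpful error message if geteuid != 0 */
- np_warn_if_not_root();
-
  /* we only need to be setsuid when we get the sockets, so do
   * that before pointer magic (esp. on network data) */
  icmp_sockerrno = udp_sockerrno = tcp_sockerrno = sockets = 0;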