diff options
| author | Thomas Guyot-Sionnest <dermoth@aei.ca> | 2014-01-25 09:22:09 (GMT) |
|---|---|---|
| committer | Thomas Guyot-Sionnest <dermoth@aei.ca> | 2014-01-25 09:22:09 (GMT) |
| commit | 68fe713335183dd37ced78821711c2a3f1ea2cc7 (patch) | |
| tree | b558cc2a200249002d2716a9e3803c272fb01aaf /lib/utils_base.c | |
| parent | 25a289f307270bb8f814a2df923aeab50acd50c6 (diff) | |
| download | monitoring-plugins-68fe713335183dd37ced78821711c2a3f1ea2cc7.tar.gz | |
Ignore MP_STATE_DIRECTORY in suid plugins
If a plugin still has suid privileges at the time np_enable_state() is
called, the MP_STATE_DIRECTORY environment will be ignored.
There is no need for a NEWS entry as no suid plugins use np_enable_state
yet.
Diffstat (limited to 'lib/utils_base.c')
| -rw-r--r-- | lib/utils_base.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/lib/utils_base.c b/lib/utils_base.c index 304b732..5c838d1 100644 --- a/lib/utils_base.c +++ b/lib/utils_base.c | |||
| @@ -30,6 +30,8 @@ | |||
| 30 | #include <ctype.h> | 30 | #include <ctype.h> |
| 31 | #include <fcntl.h> | 31 | #include <fcntl.h> |
| 32 | #include <sys/stat.h> | 32 | #include <sys/stat.h> |
| 33 | #include <unistd.h> | ||
| 34 | #include <sys/types.h> | ||
| 33 | 35 | ||
| 34 | #define np_free(ptr) { if(ptr) { free(ptr); ptr = NULL; } } | 36 | #define np_free(ptr) { if(ptr) { free(ptr); ptr = NULL; } } |
| 35 | 37 | ||
| @@ -415,14 +417,18 @@ void _cleanup_state_data() { | |||
| 415 | char* _np_state_calculate_location_prefix(){ | 417 | char* _np_state_calculate_location_prefix(){ |
| 416 | char *env_dir; | 418 | char *env_dir; |
| 417 | 419 | ||
| 418 | /* FIXME: Undocumented */ | 420 | /* Do not allow passing MP_STATE_DIRECTORY in setuid plugins |
| 419 | env_dir = getenv("MP_STATE_DIRECTORY"); | 421 | * for security reasons */ |
| 420 | if(env_dir && env_dir[0] != '\0') | 422 | if (mp_suid() == FALSE) { |
| 421 | return env_dir; | 423 | /* FIXME: Undocumented */ |
| 422 | /* This is the former ENV, for backward-compatibility */ | 424 | env_dir = getenv("MP_STATE_DIRECTORY"); |
| 423 | env_dir = getenv("NAGIOS_PLUGIN_STATE_DIRECTORY"); | 425 | if(env_dir && env_dir[0] != '\0') |
| 424 | if(env_dir && env_dir[0] != '\0') | 426 | return env_dir; |
| 425 | return env_dir; | 427 | /* This is the former ENV, for backward-compatibility */ |
| 428 | env_dir = getenv("NAGIOS_PLUGIN_STATE_DIRECTORY"); | ||
| 429 | if(env_dir && env_dir[0] != '\0') | ||
| 430 | return env_dir; | ||
| 431 | } | ||
| 426 | 432 | ||
| 427 | return NP_STATE_DIR_PREFIX; | 433 | return NP_STATE_DIR_PREFIX; |
| 428 | } | 434 | } |