Re: [monit-dev] "check program" change uid preliminary patch

monit-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [monit-dev] "check program" change uid preliminary patch

From:	Jan-Henrik Haukeland
Subject:	Re: [monit-dev] "check program" change uid preliminary patch
Date:	Fri, 16 Mar 2012 08:11:01 +0100

Hi

Looks like a fine start to me. Thanks for the work. It should be possible to 
avoid the global stuff and use the local struct myprogram programset object. 
I'll take a look and add the refactored patch.


On Mar 16, 2012, at 5:11 AM, Leif Gustafson wrote:

> Hello,
>  Following up on the conversation in monit-general about adding an option
> to "check program" to drop root privileges, I took a look at the source code
> and tried to see how difficult it would be to add it.  I'm not extremely
> familiar with the source tree nor do I usually use C for my day job so be
> gentle, but I was able to mock up a preliminary working patch (against
> 5.3.2).  I think this is a pretty important security feature for "check
> program" because if the user isn't careful a malicious trojan could be
> executed as root.
> 
>  I had to make a couple of workarounds to get this to work.  The "check"
> statements appear to be designed to only take one parameter (in this case,
> the path to the program), so I had to modify the grammar of "check program"
> a bit.  But also, the order in which the statement is being parsed means the
> Service_t hasn't been created yet when uid/gid are parsed.  So, I have to
> save those in static global variables and then set them in the instance of
> Service_t once it has been created.
> 
>  So, testing this with something like "check program test-script with path
> '/home/lgustafson/test-uid.sh' as uid 1000 as gid 1000 if status != 0 then
> alert" worked for me.  The script was indeed run as my uid/gid.  The caveat
> is the supplemental group list still contains root, so the script could
> still modify writeable files owned by gid 0.  I'm not certain that there is
> a portable solution for that, but it could be resolved on some of the
> platforms you support.
> 
>  Like I said, this is just a preliminary patch/brainstorming exercise.
> <check-program-set-uid.patch>_______________________________________________
> monit-dev mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/monit-dev

[Prev in Thread]

Current Thread

[Next in Thread]

[monit-dev] "check program" change uid preliminary patch, Leif Gustafson, 2012/03/16
- Re: [monit-dev] "check program" change uid preliminary patch, Jan-Henrik Haukeland <=
  - Re: [monit-dev] "check program" change uid preliminary patch, Igor Homyakov, 2012/03/16
    - Re: [monit-dev] "check program" change uid preliminary patch, Leif Gustafson, 2012/03/16
- Re: [monit-dev] "check program" change uid preliminary patch, Michael Shigorin, 2012/03/16

Prev by Date: [monit-dev] "check program" change uid preliminary patch
Next by Date: Re: [monit-dev] "check program" change uid preliminary patch
Previous by thread: [monit-dev] "check program" change uid preliminary patch
Next by thread: Re: [monit-dev] "check program" change uid preliminary patch
Index(es):
- Date
- Thread