Hi Michael, On Wed, November 28, 2007 17:48, Michael Ablassmeier wrote: > to be a bit more specific about this: > > an privileged user (root) may configure an UserParameter like this one in > /etc/zabbix/zabbix-agentd.conf (hard core example): > > > UserParameter=cat[*],cat $1
Thank you for contacting us about it. It's definitely a bug which should be fixed, but I'm trying to assess whether it's severe enough to warrant a DSA. Zabbix is a monitoring tool. I would therefore assume that zabbix' users already have quite a level of implied trust; it's not quite common that a random user has access to zabbix and can exectute commands, right? Or am I missing something? thanks, Thijs
