On Tue, 06 Dec 2005 09:32:15 -0800 Wes wrote:
WH> 1) I don't think we should switch back to root to write files

Ok, but I figured we'd need this up/down-grade capability in general to allow
an agent to run as non-root most of the time, even on platforms that require
root access for access to some kernel data.

WH> 2) I think the files should be owned by something other than root if
WH>    they need to be written to by an agent running as a different user.

If not for 3, I'd disagree.

WH> 3) I think the correct fix is actually to define which tokens are
WH>    allowed to exist in the persistent storage file.

I had this thought too. This works ok as long as you trust all your MIB
modules.

WH>    Something like
WH>    netsnmp_app_register_persistent_token("foo") which would specify
WH>    that token was legal to load from a persistent storage file.

I'd also like to see a hard-coded list of tokens which were excluded (e.g. pass).

We should probably apply this logic to *any* config file which is writable by
anyone other than root.


-- 
Robert Story; NET-SNMP Junkie
Support: <http://www.net-snmp.org/> <irc://irc.freenode.net/#net-snmp>
Archive: <http://sourceforge.net/mailarchive/forum.php?forum=net-snmp-coders>

You are lost in a twisty maze of little standards, all different. 


_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
