Nagios has two plugins, check_dhcp and check_icmp, which need
root for obvious reasons. Currently neither are installed suid.
For check_dhcp I think this is fine as it wants to run entirely
as root.
On the other hand check_icmp drops privileges after binding
the ICMP socket and mostly runs as the caller's uid, so I think
it's reasonable in this case to install it suid (and I trust
this as much as asking the user to create their own systrace
policy for controlled privilege escalation..)
Any comments/objections/OKs for this?
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/nagios/plugins/Makefile,v
retrieving revision 1.31
diff -u -p -r1.31 Makefile
--- Makefile 2 Jun 2011 13:41:40 -0000 1.31
+++ Makefile 26 Jul 2011 16:52:47 -0000
@@ -23,7 +23,7 @@ PKGNAME-samba= nagios-plugins-samba-${V}
PKGNAME-snmp= nagios-plugins-snmp-${V}
CATEGORIES= net
-REVISION-main= 1
+REVISION-main= 2
HOMEPAGE= http://nagiosplug.sourceforge.net/
Index: pkg/MESSAGE-main
===================================================================
RCS file: pkg/MESSAGE-main
diff -N pkg/MESSAGE-main
--- pkg/MESSAGE-main 15 Nov 2010 09:56:53 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,4 +0,0 @@
-The check_dhcp and check_icmp plugins need to run with superuser
-privileges. For security reasons they are not installed suid root
-by default. If you want to use them, you have to either change
-their mode manually or use systrace's privilege elevation feature.
Index: pkg/PLIST-main
===================================================================
RCS file: /cvs/ports/net/nagios/plugins/pkg/PLIST-main,v
retrieving revision 1.5
diff -u -p -r1.5 PLIST-main
--- pkg/PLIST-main 15 Nov 2010 09:56:53 -0000 1.5
+++ pkg/PLIST-main 26 Jul 2011 16:52:47 -0000
@@ -15,7 +15,9 @@ libexec/nagios/check_file_age
libexec/nagios/check_flexlm
libexec/nagios/check_ftp
@bin libexec/nagios/check_http
+@mode 4555
@bin libexec/nagios/check_icmp
+@mode
libexec/nagios/check_imap
libexec/nagios/check_ircd
libexec/nagios/check_jabber
Index: pkg/README-main
===================================================================
RCS file: /cvs/ports/net/nagios/plugins/pkg/README-main,v
retrieving revision 1.2
diff -u -p -r1.2 README-main
--- pkg/README-main 2 Jun 2011 13:41:40 -0000 1.2
+++ pkg/README-main 26 Jul 2011 16:52:47 -0000
@@ -4,15 +4,16 @@ $OpenBSD: README-main,v 1.2 2011/06/02 1
| Running ${FULLPKGNAME} on OpenBSD
+-----------------------------------------------------------------------
-The check_icmp and check_dhcp Nagios plugins need elevated privileges to
-run properly. As the code quality of these plugins is not really good,
-they are not installed suid root by default.
+The check_dhcp and check_icmp plugins need elevated privileges to
+run properly. As check_icmp drops privileges early, it is installed
+suid root. check_dhcp normally runs entirely as root; as the code
+quality of this plugin is not really good, it is not installed
+suid root by default.
-If you have to use these plugins (note that check_fping could be used
-in place of check_icmp), instead of running the whole plugin as root,
-it is possible to run them with systrace's privilege elevation feature.
-This way the plugin runs as _nagios, but the individual system calls
-requiring privileges are run as root.
+Instead of running the whole plugin as root, it is possible to run
+it with systrace's privilege elevation feature. This way the plugin
+runs as _nagios, but the individual system calls requiring privileges
+are run as root.
1) Create a preliminary systrace policy for the plugin.
