Bug#680660: collectd - runs as root without apparent reason

2012-07-16 Thread Bastian Blank
On Sun, Jul 08, 2012 at 02:50:02PM +0200, Sebastian Harl wrote: On Sat, Jul 07, 2012 at 10:23:00PM +0200, Bastian Blank wrote: All the information recorded by default is available for normal users or at most needs CAP_DAC_READSEARCH. I thought about it and no plugin should need this

Bug#680660: collectd - runs as root without apparent reason

2012-07-16 Thread Sebastian Harl
Hi, (Cc'ing the collectd mailing list, hoping for further input and suggestions. For a full log of this bug report, see http://bugs.debian.org/680660.) On Mon, Jul 16, 2012 at 03:19:37PM +0200, Bastian Blank wrote: On Sun, Jul 08, 2012 at 02:50:02PM +0200, Sebastian Harl wrote: On Sat, Jul

Bug#680660: [collectd] Bug#680660: collectd - runs as root without apparent reason

2012-07-16 Thread Mariusz Gronczewski
Hi, - Maybe set security bit SECBIT_NOROOT. It removes capabilities from all suid-root processes it may try to call. This would be in the spirit of the exec plugin which refuses to run any external programs / scripts as root. However, I'm not entirely sure if that's a good idea, though,

Bug#680660: collectd - runs as root without apparent reason

2012-07-08 Thread Sebastian Harl
Hi, On Sat, Jul 07, 2012 at 10:23:00PM +0200, Bastian Blank wrote: All the information recorded by default is available for normal users or at most needs CAP_DAC_READSEARCH. There is no reason to run collectd with the highest permissions on the system. Agreed. Another (I suppose) commonly

Bug#680660: collectd - runs as root without apparent reason

2012-07-07 Thread Bastian Blank
Source: collectd Version: 5.1.0-2 Severity: important All the information recorded by default is available for normal users or at most needs CAP_DAC_READSEARCH. There is no reason to run collectd with the highest permissions on the system. Bastian -- System Information: Debian Release: