On Oct 20, 2010, at 8:34 AM, Trond Hasle Amundsen wrote:

>> Beyond just good programming practice, always use full paths to external
>> programs within your scripts. $PATH may not be what you expect it to be,
>> especially when being run by the nagios daemon which has a more restrictive
>> environment.
>>
>> # (paths may be different on your system)
>> used=`/usr/bin/sudo /usr/bin/rsh $1 /bin/df -v | /bin/grep starlite |
>> /usr/bin/head -1 | /usr/bin/awk '{print $4}'`
>
> Or... set PATH before doing anything else, e.g.
>
> #!/bin/bash
> PATH=/bin:/sbin:/usr/bin:/usr/sbin
> export PATH
> [...rest of script...]
>
> This will enhance readability wrt. using full paths everywhere.

A good start, for sure but I'm a bit more paranoid than that from experience. If $badguy manages to create /bin/sudo -> /tmp/fakesudo, his will be run due to path order and you've just facilitated providing your password to him or doing other nasty stuff, potentially as root.

--
Marc

_______________________________________________
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
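
One way to back the full-path advice in this thread with a check, as an added example that is not part of the original messages: before a plugin runs anything, confirm that each program is named by absolute path, is a regular file rather than a symlink, and that it and its directory belong to a trusted owner and are not group- or world-writable. The function names and the `TRUSTED_UID` variable are assumptions of this sketch; a binary that is legitimately a symlink (an alternatives-managed awk, for example) has to be listed by its real path.

```shell
#!/bin/bash
# Added example: vet each external program before a plugin executes it.
# TRUSTED_UID is an assumption of this sketch (0 = root on a real host).
TRUSTED_UID="${TRUSTED_UID:-0}"

# Succeeds only if $1 is owned by TRUSTED_UID, has type $2 (f or d) and is
# not group- or world-writable. find does not follow a symlink given as its
# start point, so a link is seen as type l and rejected.
owned_and_locked() {
    [ -n "$(find "$1" -prune -type "$2" -user "$TRUSTED_UID" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# trusted_cmd /abs/path : return 0 if the program is acceptable to run.
trusted_cmd() {
    case "$1" in
        /*) ;;                       # absolute paths only, no $PATH lookup
        *)  return 1 ;;
    esac
    [ -x "$1" ] || return 1
    owned_and_locked "$1" f || return 1
    # A writable directory lets someone swap the file, so check it as well.
    # The trailing /. resolves a directory symlink such as /bin -> usr/bin.
    owned_and_locked "$(dirname "$1")/." d
}

# require_cmds /abs/path... : report the first untrusted program and fail.
require_cmds() {
    for cmd in "$@"; do
        if ! trusted_cmd "$cmd"; then
            echo "UNKNOWN - refusing to run untrusted program: $cmd"
            return 3                 # Nagios plugin exit code for UNKNOWN
        fi
    done
}

# Usage at the top of a plugin (paths may be different on your system):
#   require_cmds /usr/bin/sudo /usr/bin/rsh /bin/df /bin/grep \
#                /usr/bin/head /usr/bin/awk || exit $?
```
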