nrpe, arguments and security
Andreas Ericsson
ae at op5.se
Tue Nov 30 17:28:10 CET 2004
Peter Åstrand wrote:
> On Tue, 30 Nov 2004, Andreas Ericsson wrote:
>
>
>>>+#define ALLOWED_ARGUMENT_CHARS " !abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
>>>
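Review bot: the first two characters of ALLOWED_ARGUMENT_CHARS are a space and '!', and the define carries no comment saying why either is accepted. Please add a comment stating that '!' is the internal argument separator, and confirm the space is intentional: if an argument is substituted unquoted into the command line, a space inside it turns one argument into several words.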
>>
>>! is not currently in the safe-by-default list, as it is treated
>>different depending on where your /bin/sh points to. ,.% are, though.
>
>
> But ! will never reach the shell, since it's just the internal argument
> separator.
>
>
Each argument is parsed individually.
Theoretically one could get by simply by adding single quotes around the
argument and escaping all single quotes within it.
echo 'arg; cat /etc/passwd' is perfectly safe with all shells I'm aware of.
>
>>I've already implemented whitelist argument chars in current NRPE (which
>>isn't publicly available, since I haven't gotten the PK authentication
>>to work properly). Thanks for participating though.
>
>
> It would be great if this issue could be resolved as soon as possible. Is
> it possible that you can add your "whitelist" implementation separated
> from the PK stuff?
>
Possibly, but code is in flux right now so in that case it'll be a
little while before I get things straightened out.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Lead Developer
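
The two approaches discussed in this message (a character whitelist, and wrapping each argument in single quotes with embedded single quotes escaped), as an added example that is not NRPE code and not from either poster. The function names `arg_is_whitelisted` and `sh_single_quote` are hypothetical, and the sample arguments are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Whitelist copied from the quoted patch line in this thread. */
#define ALLOWED_ARGUMENT_CHARS " !abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

/* Returns 1 if every byte of arg is in the whitelist, 0 otherwise. */
int arg_is_whitelisted(const char *arg)
{
    return arg[strspn(arg, ALLOWED_ARGUMENT_CHARS)] == '\0';
}

/* Wrap arg in single quotes for /bin/sh, rewriting each embedded ' as '\''
 * (close the quote, emit an escaped quote, reopen the quote).
 * Returns the quoted length, or -1 if out is too small. */
int sh_single_quote(const char *arg, char *out, size_t outlen)
{
    size_t n = 0;
    const char *p;

    if (outlen < 3)                       /* need at least '' plus NUL */
        return -1;
    out[n++] = '\'';
    for (p = arg; *p; p++) {
        size_t need = (*p == '\'') ? 4 : 1;
        if (n + need + 2 > outlen)        /* keep room for closing quote + NUL */
            return -1;
        if (need == 4) {
            memcpy(out + n, "'\\''", 4);
            n += 4;
        } else {
            out[n++] = *p;
        }
    }
    out[n++] = '\'';
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample arguments. */
    const char *samples[] = { "arg; cat /etc/passwd", "it's", "80 90" };
    char buf[128];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        sh_single_quote(samples[i], buf, sizeof buf);
        printf("whitelisted=%d quoted=%s\n", arg_is_whitelisted(samples[i]), buf);
    }
    return 0;
}
```

The whitelist rejects the first two samples outright, while the quoting function turns them into a single literal shell word; the two checks can be combined.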