Need a way to prevent custom object variables (e.g. password) from going into environment

Ethan Galstad nagios at nagios.org
Wed Jan 3 01:15:09 CET 2007


rouilj+nagiosdev at cs.umb.edu wrote:
> In message <200612292131.36963.pitchfork at ederdrom.de>,
> Joerg Linge writes:
> 
>> Am Freitag, 29. Dezember 2006 18:36 schrieb rouilj+nagiosdev at cs.umb.edu:
>>> Hi all:
>> [...]
>>> It also mentions that custom object vars are available as
>>> environmental variables. Is there a way to turn that off? I.E. if the
>>> variable was a password you don't want that being passed in the
>>> environment where it is viewable by everybody.
>> The ENV Vars are only available for new processes forked by the Nagios Daemon.
>> So the vars are not available for everybody.
> 
> Using ps I can dump the environment of any/all processes by default
> under linux (ps -auxew for example), so unless you are running a
> security enhanced linux that restricts that, any user on the system
> can see the environment including passwords.
> 
> 				-- rouilj
> John Rouillard


Hmmm... I hadn't thought about this issue.  There's really not an 
easy/efficient way to prevent just a few custom vars from being added as 
environment vars.  Perhaps a different naming convention for some custom 
vars?


Ethan Galstad,
Nagios Developer
---
Email: nagios at nagios.org
Website: http://www.nagios.org

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV




More information about the Developers mailing list