[PATCH 1/2] nagios: Check execution permission on nagios_binary_path only after drop_privileges

Ricardo Jose Maraschini ricardo.maraschini at opservices.com.br
Thu Nov 29 17:49:21 CET 2012

Previous message: [PATCH] xodtemplate: Fix crash when referring to invalid servicegroups
Next message: [PATCH 2/2] nagios: Verify strdup() and nspath_absolute() return before proceed
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ricardo Maraschini <ricardo.maraschini at opservices.com.br>

Moved check for execution permission on nagios binary to after
drop daemon's privileges once workers only start to run as
configurated nagios user, while nagios itself may start as root.

Signed-off-by: Ricardo Maraschini <ricardo.maraschini at opservices.com.br>

---
 base/nagios.c |   21 ++++++++++++---------
 1 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/base/nagios.c b/base/nagios.c
index a5603bc..bbc5a2f 100644
--- a/base/nagios.c
+++ b/base/nagios.c
@@ -435,17 +435,10 @@ int main(int argc, char **argv, char **env) {
 		 * it absolute so we can launch our workers.
 		 * If not, we needn't bother, as we're using execvp()
 		 */
-		if (strchr(argv[0], '/')) {
+		if (strchr(argv[0], '/'))
 			nagios_binary_path = nspath_absolute(argv[0], NULL);
-			if (access(nagios_binary_path, X_OK) < 0) {
-				logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: failed to access() %s: %s\n", nagios_binary_path, strerror(errno));
-				logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Spawning workers will be impossible. Aborting.\n");
-				exit(EXIT_FAILURE);
-				}
-			}
-		else {
+		else
 			nagios_binary_path = strdup(argv[0]);
-		}
 
 		nagios_iobs = iobroker_create();
 
@@ -481,6 +474,16 @@ int main(int argc, char **argv, char **env) {
 				exit(EXIT_FAILURE);
 				}
 
+			/*
+			 * in order to spawn workers, we need to have
+			 * exec permission as nagios_user on
+			 * nagios_binary_path file.
+			 */
+			if (access(nagios_binary_path, X_OK) < 0) {
+				logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: failed to access() %s: %s\n", nagios_binary_path, strerror(errno));
+				logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Spawning workers will be impossible. Aborting.\n");
+				exit(EXIT_FAILURE);
+			}
 #ifdef USE_EVENT_BROKER
 			/* initialize modules */
 			neb_init_modules();
-- 
1.7.4.1



------------------------------------------------------------------------------
Keep yourself connected to Go Parallel: 
VERIFY Test and improve your parallel project with help from experts 
and peers. http://goparallel.sourceforge.net

Previous message: [PATCH] xodtemplate: Fix crash when referring to invalid servicegroups
Next message: [PATCH 2/2] nagios: Verify strdup() and nspath_absolute() return before proceed
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Developers mailing list