monitoring-plugins / monitoring-plugins

Monitoring Plugins
https://www.monitoring-plugins.org
GNU General Public License v3.0

Perlsec breaks any perl plugin with perl 5.8.x [sf#1381604] #509

Closed monitoring-user closed 9 months ago

monitoring-user commented 11 years ago

Submitted by hvenzke on 2005-12-15 14:18:08

Hi Nagios Dev team members,

I have a general problem with the latest Nagios (2.x) and some Perl scripts:

proxy:/tmp/1/opt/nagios/plugins # ./check_rpc -H 127.0.0.1 -C portmapper
OK: RPC program portmapper version 2 udp running
proxy:/tmp/1/opt/nagios/plugins # cp -p ./check_rpc /opt/nagios/plugins/check_rpc_new
proxy:/tmp/1/opt/nagios/plugins # /opt/nagios/plugins/check_rpc_new -H 127.0.0.1 -C portmapper
OK: RPC program portmapper version 2 udp running
proxy:/tmp/1/opt/nagios/plugins # su - nagios
nagios@proxy:~> /opt/nagios/plugins/check_rpc_new -H 127.0.0.1 -C portmapper
Insecure dependency in piped open while running setuid at /opt/nagios/plugins/check_rpc_new line 309.
nagios@proxy:~> perl -v

This is perl, v5.8.7 built for i586-linux-thread-multi

Copyright 1987-2005, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using `man perl' or `perldoc perl'.  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.

nagios@proxy:~>
nagios@proxy:~> cat /etc/SuSE-release
SUSE LINUX 10.0 (i586)
VERSION = 10.0
nagios@proxy:~> uname -a
Linux proxy 2.6.13-15-default #1 Tue Sep 13 14:56:15 UTC 2005 i686 i686 i386 GNU/Linux
nagios@proxy:~>

I get the same with some other Perl checks like check_disk.

Seems the Perl thing got broken again..

Kind regards,

Horst Venzke

After finding time again for testing... The Perl doc http://www.perl.com/doc/manual/html/pod/perlsec.html#Switches_On_the_Line gives us the possibility to get rid of the above without many code changes now: all that has to be added is the -U switch, and any -w / -W removed.

For example:

instead of using

#!/usr/bin/perl -w

use

#!/usr/bin/perl -U

So this is valid for ALL Perl plugins on any distro. Tested on SUSE, Red Hat, Debian, Sun Solaris, AIX ... with nagios-plug 1.4.2 and also with older ... And the reason was that Perl's security levels were raised in general with 5.8.x

Ethan / Ton /../.. Request for Comment: In some Nagios / nagios-plugin coding styles this perlsec problem should be mentioned to get rid of this in general... needs some work on all Perl things

Kind regards

Horst Venzke
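
The "Insecure dependency in piped open" error above is raised by Perl's taint checks, which -U permits the script to bypass. One way to satisfy the checks and keep them on, added here as an example (not part of the original post and not code from check_rpc): untaint the arguments with anchored regex captures, fix the environment, and use a list-form piped open. The rpcinfo path, the helper names `untaint` and `unknown`, and the allowed-character patterns are assumptions.

```perl
#!/usr/bin/perl -T
# Added example, not code from check_rpc.
# Run it directly, or as: perl -T <script> -H host -C program
use strict;
use warnings;
use Getopt::Long;

# Taint mode refuses to start a child process while these come from the caller.
$ENV{PATH} = '/usr/sbin:/usr/bin:/sbin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $RPCINFO = '/usr/sbin/rpcinfo';    # assumed path, adjust per distribution

# Nagios plugin convention: exit code 3 means UNKNOWN.
sub unknown { print "UNKNOWN: $_[0]\n"; exit 3 }

# A regex capture is how Perl untaints data: only text matching the
# anchored allow-list pattern is returned, anything else yields undef.
sub untaint {
    my ($raw, $pattern) = @_;
    return unless defined $raw;
    return $raw =~ /\A($pattern)\z/ ? $1 : undef;
}

my ($raw_host, $raw_prog);
GetOptions('H=s' => \$raw_host, 'C=s' => \$raw_prog) or unknown('bad options');

# The first character must be alphanumeric so a value can never look like an option.
my $host = untaint($raw_host, qr/[A-Za-z0-9][A-Za-z0-9.-]{0,252}/);
my $prog = untaint($raw_prog, qr/[A-Za-z0-9][A-Za-z0-9_.-]{0,63}/);
unknown('invalid or missing -H host')    unless defined $host;
unknown('invalid or missing -C program') unless defined $prog;

# List-form piped open (available since Perl 5.8): no shell sees the arguments.
open(my $fh, '-|', $RPCINFO, '-u', $host, $prog)
    or unknown("cannot run $RPCINFO: $!");
my @out = <$fh>;
close($fh);    # sets $? to the child's wait status

if ($? == 0) { print "OK: ", (@out ? $out[0] : "no output\n"); exit 0 }
print "CRITICAL: ", (@out ? $out[0] : "rpcinfo failed\n");
exit 2;
```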

RincewindsHat commented 9 months ago

@sni Is this "our" problem? Is this still a problem? Still don't know much about perl.

sni commented 9 months ago

I don't think this is relevant anymore.