[Nagios-devel] Need a way to prevent custom object variables (e.g. password) from going into environment

John Rouillard rouilj+nagiosdev at cs.umb.edu
Wed Jan 3 02:22:38 UTC 2007


In message <459AF58D.2060202 at nagios.org>,
Ethan Galstad writes:

>rouilj+nagiosdev at cs.umb.edu (John Rouillard) wrote:
>> In message <200612292131.36963.pitchfork at ederdrom.de>,
>> Joerg Linge writes:
>> 
>>> On Friday, 29 December 2006 18:36, rouilj+nagiosdev at cs.umb.edu wrote:
>>>> Hi all:
>>> [...]
>>>> It also mentions that custom object vars are available as
>>>> environmental variables. Is there a way to turn that off? I.E. if the
>>>> variable was a password you don't want that being passed in the
>>>> environment where it is viewable by everybody.
>>> The ENV Vars are only available for new processes forked by the Nagios
>>> Daemon.
>>> So the vars are not available for everybody.
>> 
>> Using ps I can dump the environment of any/all processes by default
>> under linux (ps -auxew for example), so unless you are running a
>> security enhanced linux that restricts that, any user on the system
>> can see the environment including passwords.
>
>Hmmm... I hadn't thought about this issue.  There's really not an 
>easy/efficient way to prevent just a few custom vars from being added as 
>environment vars.  Perhaps a different naming convention for some custom 
>vars?

That could work. Maybe a trailing _ in the name or something prevents
it from being created as an environment variable.

Still have the problem of how to make the custom variable useful
though since it can't be on the command line for the same reason.

				-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
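
The naming convention proposed in this message (a trailing `_` keeps a custom variable out of the child's environment), sketched in C as an added example; it is not Nagios code and not code from anyone in the thread. The struct, the function names, the `NAGIOS_` prefix and the sample values are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct custom_var { const char *name; const char *value; }; /* hypothetical, not a Nagios struct */

/* Constructed sample data; the trailing '_' marks the secret. */
static const struct custom_var sample_vars[] = {
    { "_SNMP_COMMUNITY", "public" },
    { "_DB_PASSWORD_",   "constructed-secret" },
    { "_RACK",           "b12" },
};

/* Trailing '_' means "do not export". A bare "_" is only the custom-var prefix. */
static int is_private_var(const char *name)
{
    size_t n = strlen(name);
    return n > 1 && name[n - 1] == '_';
}

static void free_child_env(char **envp)
{
    for (char **p = envp; p != NULL && *p != NULL; p++) free(*p);
    free(envp);
}

/* Build a NULL-terminated "PREFIXNAME=value" array, leaving private vars out; NULL on failure. */
static char **build_child_env(const struct custom_var *vars, size_t count, const char *prefix)
{
    char **envp = calloc(count + 1, sizeof *envp);
    size_t out = 0;
    if (envp == NULL) return NULL;
    for (size_t i = 0; i < count; i++) {
        if (is_private_var(vars[i].name)) continue;   /* never reaches the environment */
        size_t len = strlen(prefix) + strlen(vars[i].name) + strlen(vars[i].value) + 2;
        envp[out] = malloc(len);
        if (envp[out] == NULL) { free_child_env(envp); return NULL; }
        snprintf(envp[out++], len, "%s%s=%s", prefix, vars[i].name, vars[i].value);
    }
    return envp;
}

int main(void)
{
    char **envp = build_child_env(sample_vars, sizeof sample_vars / sizeof sample_vars[0], "NAGIOS_");
    for (char **p = envp; p != NULL && *p != NULL; p++) puts(*p);
    free_child_env(envp);
    return 0;
}
```

The filter only keeps the value out of the environment; as the message notes, how the plugin then receives it without using the command line is still open.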



