diff mbox series

[17/20] NRPE: Prevent NRPE binary from being owned by "nobody"

Message ID ed8b7333-ee81-7261-1574-dc4febbf208d@ipfire.org
State Accepted
Commit d035499c08ca8404127d49c710176f83a2da032b
Headers
Series Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle |

Commit Message

Peter Müller May 17, 2021, 7:06 p.m. UTC 
  Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 lfs/nagios_nrpe | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/lfs/nagios_nrpe b/lfs/nagios_nrpe
index a8b4b3676..260bcc810 100644
--- a/lfs/nagios_nrpe
+++ b/lfs/nagios_nrpe
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2018  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -32,7 +32,7 @@  DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = nagios_nrpe
-PAK_VER    = 8
+PAK_VER    = 9
 
 DEPS       = nagios-plugins
 
@@ -99,5 +99,8 @@  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	install -v -m 644 ${DIR_SRC}/config/backup/includes/nagios_nrpe \
 		/var/ipfire/backup/addons/includes/nagios_nrpe
 
+	# Prevent NRPE binary from being owned by "nobody"
+	chown root:root /usr/lib/nagios/check_nrpe
+
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)