[check_postgres] NO_PSQL_OPTION useless ?
Greg Sabino Mullane
greg at endpoint.com
Tue Dec 28 20:12:43 UTC 2010
On Tue, Dec 28, 2010 at 06:49:43PM +0100, Jehan-Guillaume (ioguix) de Rorthais wrote:
...
> What is the point of the NO_PSQL_OPTION variable exactly ?
To prevent system calls to arbitrary programs.
> There is many other way to cheat check_postgres.pl about the psql version to
> use. Using "PGBINDIR=/whatever/pgsql/bin /tmp/check_postgres.pl --blah" is one
> amongst some others...
>
> In my opnion this issue is not in the check_postgres scope. A simple user should
> be restricted from the system itself first.
The cheating is prevented by setting $PSQL inside the script. That plus
NO_PSQL_OPTION prevents it from being changed, even with PGBINDIR.
> It's much easier to maintain one version of check_postgres in all monitored
> servers than having corner case here and there. And as we always have corner
> case anyway, we should be able to use the configuration file :)
Sure, it's a corner case. Overall, though, I don't think it's anything to
worry about - it does no harm that I can see. If you feel strongly though,
feel free to continue the conversation. :)
--
Greg Sabino Mullane greg at endpoint.com
End Point Corporation
PGP Key: 0x14964AC8
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
Url : https://mail.endcrypt.com/pipermail/check_postgres/attachments/20101228/74cb963f/attachment.bin
More information about the Check_postgres
mailing list