[Pkg-nagios-devel] Bug#538828: nagios3-common: README.Debian fails to explain why external commands are disabled

Sascha Wilde wilde at intevation.de
Mon Jul 27 11:16:50 UTC 2009 

Package: nagios3-common
Version: 3.0.6-4~lenny2
Severity: normal


README.Debian says "agios 3 is not configured to look for external commands in the
default configuration as a security feature.".

While this explains why external commands don't work it does not explain the rational 
behind disabelilng them.  "as a security feature" is an meta explaination which does 
not allow an administrator to evaluate the pros and cons on re-enabeling the commands
feature.

The README should state what are the concrete risks of enabeling "external commands"
and what problems are known.  This is needed so that an administrator can make an 
qualified decision on this subject.

-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-6-xen-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages nagios3-common depends on:
ii  adduser            3.110                 add and remove users and groups
ii  apache2-utils      2.2.9-10+lenny4       utility programs for webservers
ii  bsd-mailx [mailx]  8.1.2-0.20071201cvs-3 A simple mail user agent
ii  coreutils          6.10-6                The GNU core utilities
ii  debconf [debconf-2 1.5.24                Debian configuration management sy
ii  lsb-base           3.2-20                Linux Standard Base 3.2 init scrip
ii  nagios-plugins-bas 1.4.12-5              Plugins for the nagios network mon
ii  nagios3-doc        3.0.6-4~lenny2        documentation for nagios3
ii  ucf                3.0016                Update Configuration File: preserv

Versions of packages nagios3-common recommends:
ii  apache2                  2.2.9-10+lenny4 Apache HTTP Server metapackage
ii  apache2-mpm-worker [http 2.2.9-10+lenny4 Apache HTTP Server - high speed th
ii  nagios-images            0.4             Collection of images and icons for
pn  nagios-plugins           <none>          (no description available)

nagios3-common suggests no packages.

-- debconf information excluded

More information about the Pkg-nagios-devel mailing list