Tomte has asked for the wisdom of the Perl Monks concerning the following question:

the following code is remotely ecexuted via ssh2 to check the used space on all mounted disks. It is executed via another script , this second script checks the command to execute remotely matches /^[:%'"\/\.a-z0-9 \-_]+$/i

The parameter to this second script might look like: 

-C 'check_df_all -w 10% -c 3%'

[download]

the second script will see to it that the call is made with the correct absolute path.

The scripts aren't writeable to the executing user (neither on the calling nor on the called machine), but the parameters may be changed.

Given these precautions and the code below, which checks the parameters given, would you say, this is secure, or could you come up with an exploit easily?

The script:
#!/usr/bin/perl -w
use strict;
use Getopt::Long;

use vars qw($opt_h $opt_w $opt_c $PROGNAME $VERSION);
use lib "/data/programme/nagios/libexec";
use utils qw(%ERRORS &print_revision &support &usage);

use Filesys::DiskFree;

$PROGNAME = 'check_df_all';
$VERSION = '$Revision: 1.2 $';

sub print_help ();
sub print_usage ();

$ENV{'PATH'}='';
$ENV{'BASH_ENV'}=''; 
$ENV{'ENV'}='';

Getopt::Long::Configure('bundling');
GetOptions (
     "h"   => \$opt_h, "help"       => \$opt_h,
     "w=s" => \$opt_w, "warn=s"     => \$opt_w,
     "c=s" => \$opt_c, "crit=s"     => \$opt_c
);

# check options

# help wanted
if ($opt_h) {print_help(); exit($ERRORS{'OK'});}
# no use executing me without these
($opt_w && $opt_c) || usage("specify -w /and/ -c\n");

# check the passed values
my $warn_limit = int($1) if $opt_w =~ m/^([0-9]+)(%??)$/;
# warning limit in percent ?
my $wp = 1 if $2 eq '%';
$wp |= 0;

my $crit_limit = int($1) if $opt_c =~ m/^([0-9]+)(%??)$/;
# critical limit in percent ?
my $cp = 1 if $2 eq '%';
$cp |= 0;

# no use executing me without these
# passed in correctly
usage("invalid parameter(s)") if !$crit_limit or !$warn_limit;

# get data
my $dfh = new Filesys::DiskFree;
(print "can't exec df" && exit($ERRORS{'UNKNOWN'})) if !$dfh->df();

my $warn = 0;
my $crit = 0;

my @disks = $dfh->disks();
my $text = '';
# examine data, we're not interested in devfs, shmfs and the like
map { $text .= " [" . check_disk($_) . "] " if $dfh->device($_) =~ m!^
+/!; } @disks;

# print assembled status
print $text;

exit($ERRORS{'CRITICAL'}) if $crit > 0;
exit($ERRORS{'WARNING'}) if $warn > 0;
exit($ERRORS{'OK'});

# examine data for one mounted disk    
sub check_disk {
    my $mount_point = shift;
    my $total = $dfh->total($mount_point) / 1024;
    my $used  = $dfh->used($mount_point) / 1024;
    my $used_percent = ($used / $total) * 100;
    my $result = int($used_percent) . '% used on ' . $mount_point;
    if ($cp && ((100 - $used_percent) < $crit_limit)) {
        $crit = 1;
    } elsif (!$cp && ($crit_limit < ($total - $used))) {
        $crit = 1;
    }
    if ($wp && ((100 - $used_percent) <= $warn_limit)) {
        $warn = 1;
    } elsif (!$wp && ($warn_limit < ($total - $used))) {
        $warn = 1;
    }
    return $result;
}

sub print_usage () {
    print "Usage: $PROGNAME -w d[%] -c d[%]\nUsage: $PROGNAME -h";
}

sub print_help () {
    print_revision($PROGNAME,$VERSION);
    print "Copyright (c) 2003 My Company

This plugin uses Filesys::DiskFree to scan all mounted devices, and re
+turnes warnings or critical failures if /one/ ore more of the devices
+ exceed the given ranges

 -w, --warning=INTEGER
   Exit with WARNING status if less than INTEGER kilobytes of disk are
+ free
 -w, --warning=PERCENT%
   Exit with WARNING status if less than PERCENT of disk space is free
 -c, --critical=INTEGER
   Exit with CRITICAL status if less than INTEGER kilobytes of disk ar
+e free
 -c, --critical=PERCENT%
   Exit with CRITCAL status if less than PERCENT of disk space is free

";
    print_usage();
    print "
";
    support();
}

[download]

FYI: I changed Filesys::DiskFree to call df with an absolute path.

I of course also appreciate any advise to improve my perl coding-style and skills, but my main concern is the security of this code.


regards,
tomte

Replies are listed 'Best First'.
Re: script-security / custom nagios-check
by Aragorn (Curate) on Jan 30, 2003 at 11:36 UTC
    I'm not a security expert, but you seem to do a pretty thorough job on checking the values that are passed in. As in "This is allowed, anything else is not", as opposed to "This is not allowed, anything else is", the latter of which is far too common in argument/variable cleaning code.

    Also, check out the -T perl command-line option. (Taint checking).

    Arjen

[reply]
[d/l]

      Yes, I thought while doing that one :-)
      but I can't be as rigid as I wanted to with the regexp checking the command remotely executed, my main concern is if there's a weakness due to that.

      As for -T | -t : I had a look on that and thought it wouldn't make a difference in this case, am I plain wrong with this assumption?

      regards,
      tomte

[reply]
        -T helps you in security in that it marks any data coming from 'the outside' as tainted untill you explicitly untaint it with a regexp.
        #!/bin/perl -wT
use strict;

my $taintedVar = $ARGV[0];
if ($taintedVar =~ m/^([0-9]+)$/)
{
  my $UNtaintedVar = $1;
}

        [download]
        A not-so-smart programmer could use (.*) as a regexp and then the data $1 would be untainted but insecure.
[reply]
[d/l]

Back to Seekers of Perl Wisdom