In <EC70BBBBD43A8B468D2460FE1CFAAA2614885107 at EX1.nibco.com> "Kauffman, Tom" <KauffmanT at nibco.com> writes:
Well, among other things - the file that went missing was a crontab . . .
I've built a small perl script to get the data and dump it out to the client data stream; hobbit runs it via sudo. I'm also looking at logfetch.c, the hobbit program that does the process. I can see Henrik has thought about this, because the code to get and drop root permissions is present - bracketed by ifdefs for 'BIG_SECURITY_HOLE'.
I need to satisfy myself about the logfetch code, and then I think a recompile may be in order.
The BIG_SECURITY_HOLE shows up because logfetch has no way of validating that it is using a configuration file that hasn't been tampered with. So if you run logfetch as root, you can feed it a config file listing secret files that you want to read (like /etc/shadow), and it will happily read them for you and put the contents into the Hobbit client-message. Not good ...
A custom status-check might be the simplest way of doing what you want.
Henrik
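
Added example, not from this thread or from the Hobbit source: one way a privileged reader can refuse a configuration file that anyone other than a trusted owner could have written, which is the kind of validation the reply says logfetch lacks. The function name `open_trusted_config` and its policy (regular file, owned by the given uid, not group- or world-writable, not reached through a symlink) are assumptions for illustration, and it presumes the administrator installs the config owned by root.

```c
/* Added example; not Hobbit/logfetch code. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a config file for a privileged reader only if nobody except
 * `owner` could have written it. Returns an fd, or -1 if untrusted. */
int open_trusted_config(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: refuse a symlink as the final path component.
     * O_NONBLOCK: do not hang if the path turns out to be a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, so the file that was
     * checked is the same file that is later read. */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||               /* no FIFOs, devices, dirs */
        st.st_uid != owner ||                 /* not the trusted owner   */
        (st.st_mode & (S_IWGRP | S_IWOTH))) { /* writable by others      */
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s CONFIG\n", argv[0]);
        return 2;
    }
    int fd = open_trusted_config(argv[1], 0); /* 0 = root (assumed owner) */
    if (fd < 0) {
        fprintf(stderr, "refusing untrusted config: %s\n", argv[1]);
        return 1;
    }
    puts("config accepted");
    close(fd);
    return 0;
}
```

The check covers only the file itself; every directory on the path to it also has to be writable by the trusted owner alone for the result to mean anything.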