This patch is for the most recent trunk (svn://svn.zabbix.com/trunk@4976).
So far, net.if.* for OpenBSD uses kvm(3) to gather network interface data. This requires the zabbix agent user to be in group kvm to be able to read /dev/kvm.
This potentially enables an attacker to read all of the system's memory!
Tools like systat(1) use sysctl(3) to aquire the data they're looking for.
I used Markus Friedl's code from systat/if.c to read interface data now. The code is BSD licensed and can therefore be used in a gpl environment as well.
I also added support for link status.
The patch requires sysctl.h to work and hence adds param.h to configure.in (see system.boottime for OpenBSD (needs testing)).
Don't hesitate to contact me if you have any feedback.
So far, net.if.* for OpenBSD uses kvm(3) to gather network interface data. This requires the zabbix agent user to be in group kvm to be able to read /dev/kvm.
This potentially enables an attacker to read all of the system's memory!
Tools like systat(1) use sysctl(3) to aquire the data they're looking for.
I used Markus Friedl's code from systat/if.c to read interface data now. The code is BSD licensed and can therefore be used in a gpl environment as well.
I also added support for link status.
The patch requires sysctl.h to work and hence adds param.h to configure.in (see system.boottime for OpenBSD (needs testing)).
Don't hesitate to contact me if you have any feedback.
Comment