Protocol "exec" denies to execute any programs, if running as root, see MeterExec.cpp - L123 ff. The option offered in the error message is to recompile vzlogger to allow this using a compile time configuration setting, that allows to call external programs as root.
Instead Exec should:
- Drop elevated privileges, if executed as root, before running the external script.
- Add a
Username or UID parameter that specifies which uid to execute the command as in the configuration.
- In addition
popen uses the default shell, which seems to potentially be open for attacks (reading the cookbook cited below).
OR
- at least recommend using protocol "exec" only when invoking vzlogger as a normal user.
Example code for dropping elevated privileges can be found in "Secure Programming Cookbook for C and C++ by John Viega, Matt Messier", Recipes 1.3, 1.6, 1.7. (but I am not sure this fully applies).
Protocol "exec" denies to execute any programs, if running as root, see MeterExec.cpp - L123 ff. The option offered in the error message is to recompile vzlogger to allow this using a compile time configuration setting, that allows to call external programs as root.
Instead Exec should:
UsernameorUIDparameter that specifies which uid to execute the command as in the configuration.popenuses the default shell, which seems to potentially be open for attacks (reading the cookbook cited below).OR
Example code for dropping elevated privileges can be found in "Secure Programming Cookbook for C and C++ by John Viega, Matt Messier", Recipes 1.3, 1.6, 1.7. (but I am not sure this fully applies).