Skip to content

Commit 77f6c60

Browse files
committed
make the extend mib read-only by default
1 parent 4097a31 commit 77f6c60

File tree

1 file changed

+12
-6
lines changed

1 file changed

+12
-6
lines changed

Diff for: agent/mibgroup/agent/extend.c

+12-6
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,12 @@
1616
#define SHELLCOMMAND 3
1717
#endif
1818

19+
/* This mib is potentially dangerous to turn on by default, since it
20+
* allows arbitrary commands to be set by anyone with SNMP WRITE
21+
* access to the MIB table. If all of your users are "root" level
22+
* users, then it may be safe to turn on. */
23+
#define ENABLE_EXTEND_WRITE_ACCESS 0
24+
1925
netsnmp_feature_require(extract_table_row_data);
2026
netsnmp_feature_require(table_data_delete_table);
2127
#ifndef NETSNMP_NO_WRITE_SUPPORT
@@ -742,7 +748,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
742748
*
743749
**********/
744750

745-
#ifndef NETSNMP_NO_WRITE_SUPPORT
751+
#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
746752
case MODE_SET_RESERVE1:
747753
/*
748754
* Validate the new assignments
@@ -1068,15 +1074,15 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
10681074
}
10691075
}
10701076
break;
1071-
#endif /* !NETSNMP_NO_WRITE_SUPPORT */
1077+
#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */
10721078

10731079
default:
10741080
netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
10751081
return SNMP_ERR_GENERR;
10761082
}
10771083
}
10781084

1079-
#ifndef NETSNMP_NO_WRITE_SUPPORT
1085+
#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
10801086
/*
10811087
* If we're marking a given row as active,
10821088
* then we need to check that it's ready.
@@ -1101,7 +1107,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
11011107
}
11021108
}
11031109
}
1104-
#endif /* !NETSNMP_NO_WRITE_SUPPORT */
1110+
#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
11051111

11061112
return SNMP_ERR_NOERROR;
11071113
}
@@ -1587,7 +1593,7 @@ fixExec2Error(int action,
15871593
idx = name[name_len-1] -1;
15881594
exten = &compatability_entries[ idx ];
15891595

1590-
#ifndef NETSNMP_NO_WRITE_SUPPORT
1596+
#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
15911597
switch (action) {
15921598
case MODE_SET_RESERVE1:
15931599
if (var_val_type != ASN_INTEGER) {
@@ -1608,7 +1614,7 @@ fixExec2Error(int action,
16081614
case MODE_SET_COMMIT:
16091615
netsnmp_cache_check_and_reload( exten->efix_entry->cache );
16101616
}
1611-
#endif /* !NETSNMP_NO_WRITE_SUPPORT */
1617+
#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
16121618
return SNMP_ERR_NOERROR;
16131619
}
16141620
#endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */

0 commit comments

Comments
 (0)