Skip to content
Permalink
Browse files

make the extend mib read-only by default

  • Loading branch information
hardaker committed Jul 23, 2020
1 parent 4097a31 commit 77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205
Showing with 12 additions and 6 deletions.
  1. +12 −6 agent/mibgroup/agent/extend.c
@@ -16,6 +16,12 @@
#define SHELLCOMMAND 3
#endif

/* This mib is potentially dangerous to turn on by default, since it
* allows arbitrary commands to be set by anyone with SNMP WRITE
* access to the MIB table. If all of your users are "root" level
* users, then it may be safe to turn on. */
#define ENABLE_EXTEND_WRITE_ACCESS 0

netsnmp_feature_require(extract_table_row_data);
netsnmp_feature_require(table_data_delete_table);
#ifndef NETSNMP_NO_WRITE_SUPPORT
@@ -742,7 +748,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
*
**********/

#ifndef NETSNMP_NO_WRITE_SUPPORT
#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
case MODE_SET_RESERVE1:
/*
* Validate the new assignments
@@ -1068,15 +1074,15 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
}
}
break;
#endif /* !NETSNMP_NO_WRITE_SUPPORT */
#endif /* !NETSNMP_NO_WRITE_SUPPORT and ENABLE_EXTEND_WRITE_ACCESS */

default:
netsnmp_set_request_error(reqinfo, request, SNMP_ERR_GENERR);
return SNMP_ERR_GENERR;
}
}

#ifndef NETSNMP_NO_WRITE_SUPPORT
#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
/*
* If we're marking a given row as active,
* then we need to check that it's ready.
@@ -1101,7 +1107,7 @@ handle_nsExtendConfigTable(netsnmp_mib_handler *handler,
}
}
}
#endif /* !NETSNMP_NO_WRITE_SUPPORT */
#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */

return SNMP_ERR_NOERROR;
}
@@ -1587,7 +1593,7 @@ fixExec2Error(int action,
idx = name[name_len-1] -1;
exten = &compatability_entries[ idx ];

#ifndef NETSNMP_NO_WRITE_SUPPORT
#if !defined(NETSNMP_NO_WRITE_SUPPORT) && ENABLE_EXTEND_WRITE_ACCESS
switch (action) {
case MODE_SET_RESERVE1:
if (var_val_type != ASN_INTEGER) {
@@ -1608,7 +1614,7 @@ fixExec2Error(int action,
case MODE_SET_COMMIT:
netsnmp_cache_check_and_reload( exten->efix_entry->cache );
}
#endif /* !NETSNMP_NO_WRITE_SUPPORT */
#endif /* !NETSNMP_NO_WRITE_SUPPORT && ENABLE_EXTEND_WRITE_ACCESS */
return SNMP_ERR_NOERROR;
}
#endif /* USING_UCD_SNMP_EXTENSIBLE_MODULE */

0 comments on commit 77f6c60

Please sign in to comment.
You can’t perform that action at this time.