Bug 226918 - net-mgmt/monitoring-plugins: check_mailq sudo option requires build time security/sudo dependency to work
Summary: net-mgmt/monitoring-plugins: check_mailq sudo option requires build time secu...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-25 16:23 UTC by alexander
Modified: 2018-03-27 10:53 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description alexander 2018-03-25 16:23:33 UTC 
The check_mailq plugin has an option to use sudo to execute the mailq command with limited privileges. However, the detection of the sudo command is done at build time, and the path is hard-coded into "/usr/local/libexec/nagios/utils.pm" as PATH_TO_SUDO. If none is found, this value is set to an empty string, effectively disabling the feature.

When building with portmaster, this was not an issue as the build picked up on the installed sudo reliably, but of course clean room builds with poudriere don't do that any more.

Solution: either make sudo a required or optional build-time and run-time dependency of this port to ensure correct sudo path is picked up during build.
Comment 1 Mathieu Arnold freebsd_committer freebsd_triage 2018-03-27 08:16:13 UTC 
I just checked, and the fact that sudo is not present at build time does not change anything.
There is an autoconf variable set to force the location of sudo.

$ grep sudo Makefile
                ac_cv_path_PATH_TO_SUDO=${LOCALBASE}/bin/sudo \

and it is correctly set even if sudo is not present:

root@11amd64-ports:~ # grep sudo /usr/local/libexec/nagios/utils.pm
$PATH_TO_SUDO    = "/usr/local/bin/sudo";
root@11amd64-ports:~ # type sudo
sudo: not found

And the code is not removed from check_mailq, but it only works if sudo is installed.  So, all in all, I do not understand. All you need to do is have sudo present when check_mailq rans for it to be able to use it.
Comment 2 alexander 2018-03-27 09:12:32 UTC 
I just downloaded the official latest package build just to make sure it's not my local build setup:

wget https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/monitoring-plugins-2.2_3.txz
tar -xf monitoring-plugins-2.2_3.txz
grep sudo usr/local/libexec/nagios/utils.pm

yields no results as the file only contains

## updated by autoconf
$PATH_TO_SUDO    = "";
$PATH_TO_RPCINFO = "/usr/bin/rpcinfo" ;
$PATH_TO_LMSTAT  = "" ;
$PATH_TO_SMBCLIENT = "/usr/local/bin/smbclient" ;
$PATH_TO_MAILQ   = "/usr/bin/mailq";
$PATH_TO_QMAIL_QSTAT = "/var/qmail/bin/qmail-qstat";
Comment 3 Mathieu Arnold freebsd_committer freebsd_triage 2018-03-27 09:15:23 UTC 
Oh, sorry, I looked at nagios-plugins, I did not know anyone was using the other brand.
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-03-27 09:20:41 UTC 
A commit references this bug:

Author: mat
Date: Tue Mar 27 09:20:31 UTC 2018
New revision: 465678
URL: https://svnweb.freebsd.org/changeset/ports/465678

Log:
  Force path to sudo to fix, at least, check_mailq -s.

  PR:		226918
  Reported by:	alexander wittig name
  Sponsored by:	Absolight

Changes:
  head/net-mgmt/monitoring-plugins/Makefile
Comment 5 commit-hook freebsd_committer freebsd_triage 2018-03-27 10:53:56 UTC 
A commit references this bug:

Author: mat
Date: Tue Mar 27 10:53:48 UTC 2018
New revision: 465686
URL: https://svnweb.freebsd.org/changeset/ports/465686

Log:
  MFH: r465678

  Force path to sudo to fix, at least, check_mailq -s.

  PR:		226918
  Reported by:	alexander wittig name
  Sponsored by:	Absolight

Changes:
_U  branches/2018Q1/
  branches/2018Q1/net-mgmt/monitoring-plugins/Makefile