Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-2904

Option to securely pass sensitive arguments to External check and User parameter

    Details

      Description

      Command line arguments or environment variables can easily be exposed via the /proc file system.

      Since ZBXNEXT-1550 one can create custom functions that may get sensitive data passed by item arguments as there is no additional process forked that my reveal any information.

      Now I wonder whether it is feasible to improve External check and User parameter functionality to be usable for such cases too - to get sensitive data passed more securely.

      The only way I currently can think of is by optionally passing data to stdin of the custom command.

      I've no clue whether it should rather be configurable in a fixed format with two variables only (username and password) or a free form field supporting line breaks.

      The first allows to use existing form fields. The latter provides maximum flexibility for instance to adapt a format that is already supported by a given custom command.

      I know, without something like ZBXNEXT-1660 there is no real security for sensitive data in Zabbix at all but I think this could still be a worthwhile improvement.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              okkuv9xh Marc
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: