Panic action

Alan DeKok aland at deployingradius.com
Mon Jan 27 14:38:32 CET 2014


Arran Cudbard-Bell wrote:
> Hm, can anyone see any obvious security issues with having the utilities and server check environmental variables for a PANIC_ACTION?

  No.  If it's running as a service, the environment is already
sanitized.  If someone can become root and run radiusd, well... they can
edit anything.

> It allows you to be exceptionally lazy... you could just set it in ~/.profile and an interactive debugger session would pop up any time a utility or daemon crashed.

  That's very useful.

> Just seems like one of those possibly insecure exploitable things... Maybe only enable it #ifndef NDEBUG then it's off for official releases? and for radiusd only if it was running in foreground mode?

  It's useful in daemon mode too.  Just use NDEBUG.

  Alan DeKok.
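
The gating discussed in this thread, as an added example that is not part of the original message and is not FreeRADIUS code: a hypothetical `panic_action_resolve()` that consults `PANIC_ACTION` only in builds compiled without `NDEBUG`. The `%p` process-ID placeholder, the setuid/setgid check and the sample command are assumptions made for illustration.

```c
/* Added example: hypothetical helper, not taken from FreeRADIUS. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Build the crash-time command from $PANIC_ACTION into out.
 * Returns 0 on success, -1 if the hook is compiled out, unset, or too long.
 * Call once at startup: getenv() and snprintf() are not async-signal-safe,
 * so a fault handler should only use the string prepared here.
 */
int panic_action_resolve(char *out, size_t outlen, pid_t pid)
{
#ifdef NDEBUG
	/* Release build: the environment is never consulted. */
	(void)out; (void)outlen; (void)pid;
	return -1;
#else
	const char *env, *p;
	size_t used = 0;

	/* Assumed extra guard: ignore the caller's environment if setuid/setgid. */
	if (getuid() != geteuid() || getgid() != getegid()) return -1;

	env = getenv("PANIC_ACTION");
	if (!env || !*env) return -1;

	for (p = env; *p; p++) {
		int n;
		if (p[0] == '%' && p[1] == 'p') {	/* assumed placeholder: PID */
			n = snprintf(out + used, outlen - used, "%ld", (long)pid);
			p++;
		} else {
			n = snprintf(out + used, outlen - used, "%c", *p);
		}
		if (n < 0 || (size_t)n >= outlen - used) return -1; /* would truncate */
		used += (size_t)n;
	}
	return 0;
#endif
}
```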

