ld-musl / nagios: crashing (possible security issue!)

Hi,

I'm trying to run nagios with lighttpd under Alpine 3.13.

I found that trac.cgi (nagios) is continuously crashing and tracked this down to that trac.cgi is unable to safely parse the cookies, the webserver passes to the cgi.

Just run from command line

REQUEST_METHOD=GET HTTP_COOKIE="NagFormId=6164e70e; sinatra.session=BAh7BkkiD3Nlc3Npb25faWQGOgZFVG86" /usr/lib/nagios/cgi-bin/tac.cgi

Segmentation fault (core dumped)

(the cookie has nothing to do with nagios, but was sent by the webrowser after the cookie was set from other apps at the same server.)

I tried to get some upstream support under https://support.nagios.com/forum/index.php , but there's not even a category for versions < XI.

Is this version still supported?

@clandmeter

regards

Edited Mar 11, 2021 by Hadmut Danisch

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information