Security problem of zabbix-agent2
There is a security problem with zabbix-agent2. zabbix-agent2-openrc package.
Old zabbix_agentd works correctly under "$user" zabbix which is set by /etc/zabbix/zabbix_agentd.conf
2929 zabbix 0:00 /usr/sbin/zabbix_agentd -f
2955 zabbix 31:09 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
2958 zabbix 2:34 /usr/sbin/zabbix_agentd: listener #3 [waiting for connecti
But "$user" in zabbix-agent2 is set not in config file(/etc/zabbix/zabbix_agent2.conf), but in systemd , which is absent in alpine (and this is good).
It should be section of setting "$user" in /etc/init.d/zabbix-agent2 for starting zabbix-agent2, otherwise it is executed (started) under root.
20950 root 0:00 supervise-daemon zabbix-agent2 --start /usr/sbin/zabbix_agent2 --
20951 root 0:00 /usr/sbin/zabbix_agent2
It is possible to get root access in client potentially during data transfer through public networks with default settings when using zabbix-agent2.