GitLab

There is a security problem with zabbix-agent2. zabbix-agent2-openrc package.

Old zabbix_agentd works correctly under "$user" zabbix which is set by /etc/zabbix/zabbix_agentd.conf

 2929 zabbix    0:00 /usr/sbin/zabbix_agentd -f
 2955 zabbix   31:09 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
 2958 zabbix    2:34 /usr/sbin/zabbix_agentd: listener #3 [waiting for connecti

But "$user" in zabbix-agent2 is set not in config file(/etc/zabbix/zabbix_agent2.conf), but in systemd , which is absent in alpine (and this is good).

It should be section of setting "$user" in /etc/init.d/zabbix-agent2 for starting zabbix-agent2, otherwise it is executed (started) under root.

20950 root      0:00 supervise-daemon zabbix-agent2 --start /usr/sbin/zabbix_agent2 --
20951 root      0:00 /usr/sbin/zabbix_agent2

It is possible to get root access in client potentially during data transfer through public networks with default settings when using zabbix-agent2.