Nagios 4: Commands are unescaped twice
Andreas Ericsson
ae at op5.se
Fri Jan 11 12:55:40 CET 2013
On 01/10/2013 05:22 PM, Adam James wrote:
> Hi Andreas,
>
> On 08/01/13 10:12, Andreas Ericsson wrote:
>> lib/runcmd.c is the library code which shouldn't change its behaviour. The
>> code in utils.c should be removed instead.
>
> The attached patch removes the general escape handling code from
> utils.c, with the exception of "\!" as otherwise it wouldn't be possible
> to include a "!" inside an argument.
>
> If you think this should be done differently then let me know and I'll
> amend the patch.
>
>> On the other hand, the runcmd.c code should have a flag argument one can
>> use to tell it to ignore certain characters, with "ignore everything" to
>> be taken as "split on every whitespace-sequence and disregard quoting and
>> escaping entirely".
>
> What's the use case for this?
>
To run commands via execve() and let the executed command see exactly what
we want to pass to it. It would be a pretty simple thing to do and would
allow callers to either handle their own escaping or ignore it entirely.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.
------------------------------------------------------------------------------
Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
much more. Get web development skills now with LearnDevNow -
350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122812
More information about the Developers
mailing list