Do not launch a shell for each check

Andreas Ericsson ae at op5.se
Mon Oct 4 13:16:24 CEST 2010


On 10/04/2010 12:38 PM, Thomas Guyot-Sionnest wrote:
> On 10-10-04 05:28 AM, Andreas Ericsson wrote:
>>
>> Parsing arguments is not that hard, and if we run into pipes and sub-shells
>> we can always fall back very easily to running
>>
>>   const char *cmd_args = {"sh", "-c", cmd}
>>   execv("/bin/sh", cmd_args);
>>
>> but only if we keep the command-line separated with spaces instead of
>> exclamation marks. Otherwise the tricky case will still have to be parsed
>> for escaped exclamation marks.
>>
>> Don't go down this road. It adds complexity and breaks compatibility for
>> no real gain.
> 
> I'm talking about an explicit command type, like "command_exec" instead
> of "command_line". Actually that doesn't even block you from
> implementing this for the original command_line when you don't need a
> shell, but using a different command type won't have any
> backward-compatibility issue.
> 

You'll still have users that don't understand why "printf lala | sendmail"
can't be a command_exec thing, so we'd be back to square one. They'll just
see "if you do like this, it'll go faster" and change all their commands
to command_exec. Not good.

>> I like the original suggestion though. Parse quotation marks (double
>> and single) and if we hit IO redirection or subshells we just let the
>> shell handle it. It's not that hard.
>>
> 
> Don't forget variable assignment/usage too... Some nagios plugins used
> to be "smart" in the past and this always lead to problems... I'm not
> saying it's impossible though and if you can implement it nicely go
> ahead... I'll limit myself to stress-testing it ;)
> 

Variable substitution comes before argument splitting. That's how it
works today and doing it any other way means it'll be a lot harder to
test the arg-splitting code. This way it'll be quite straightforward
to replace it as well.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.

------------------------------------------------------------------------------
Virtualization is moving to the mainstream and overtaking non-virtualized
environment for deploying applications. Does it make network security 
easier or more difficult to achieve? Read this whitepaper to separate the 
two and get a better understanding.
http://p.sf.net/sfu/hp-phase2-d2d




More information about the Developers mailing list