On 10/04/2010 06:33 AM, Thomas Guyot-Sionnest wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10-10-03 10:53 PM, Ethan Galstad wrote:
>> Ton Voon wrote:
>>> On 29 Sep 2010, at 12:36, Matthieu Kermagoret wrote:
>>>
>>>> On Tue, Jun 1, 2010 at 3:49 PM, Matthieu Kermagoret
>>>> wrote:
>>>>> The patch I propose, handle simple commands with shell quoting
>>>>> (simple
>>>>> and double quote). Every command containing any of these characters
>>>>> (escaped or not) will be handled by the shell --> !$^&*()~[]|{};?`
>>>>> >>>>
>>>>> So any feedback on this new proposal ?
>>>>>
>>>> Could it somehow make it into HEAD ? It would resolve issue #86.
>>>
>>> Is it possible to get some libtap tests running against these?
>>>
>>> If so, I'd be happy to review what you have done in the tests.
>>>
>>> However, this is quite an intrusive change, so would have to go into
>>> the next feature branch.
>>>
>>> Ton
>>
>> Agreed - Nice idea, but it should probably wait for a 3.3.x release.
>>
>> Once I release 3.2.3, I'll create a 3.2.x branch and this can get
>> committed to HEAD.
>
> FWIW I've suggested something like that for a long time but never got
> around coding it. I think we should use a different command type (i.e.
> two possible command line option, either one of them and never both
> would be required). Just like for command arguments, they could be
> separated with "!".
>
> For example take my (slightly complex) SNMP load average command:
>> command_line $USER1$/check_snmp -H $HOSTADDRESS$ -o .1.3.6.1.4.1.2021.10.1.3.1,.1.3.6.1.4.1.2021.10.1.3.2,.1.3.6.1.4.1.2021.10.1.3.3 -w $ARG1$ -c $ARG2$ -C $USER5$ -l 1min: -l 5min: -l 15min: -l Load -D ", " -m UCD-SNMP-MIB
>
> It could be rewritten as:
>> command_exec $USER1$/check_snmp!-H!$HOSTADDRESS$!-o!.1.3.6.1.4.1.2021.10.1.3.1,.1.3.6.1.4.1.2021.10.1.3.2,.1.3.6.1.4.1.2021.10.1.3.3!-w!$ARG1$!-c!$ARG2$!-C!$USER5$!-l!1min:!-l!5min:!-l!15min:!-l!Load!-D!, !-m!UCD-SNMP-MIB
>
> This also allow passing empty arguments and doesn't require nagios to do
> any single/double quote parsing, which could break some complex command
> definitions (that would likely be much easier to write in the _exec form
> anyway...)
>
> And I think the same would be beneficial for NRPE as well, allowing at
> the same time to safely pass arguments using the exec form...
>
Parsing arguments is not that hard, and if we run into pipes and sub-shells
we can always fall back very easily to running
const char *cmd_args = {"sh", "-c", cmd}
execv("/bin/sh", cmd_args);
but only if we keep the command-line separated with spaces instead of
exclamation marks. Otherwise the tricky case will still have to be parsed
for escaped exclamation marks.
Don't go down this road. It adds complexity and breaks compatibility for
no real gain.
I like the original suggestion though. Parse quotation marks (double
and single) and if we hit IO redirection or subshells we just let the
shell handle it. It's not that hard.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]