Nagios 4: Commands are unescaped twice

Andreas Ericsson ae at op5.se
Fri Jan 11 12:55:40 CET 2013


On 01/10/2013 05:22 PM, Adam James wrote:
> Hi Andreas,
> 
> On 08/01/13 10:12, Andreas Ericsson wrote:
>> lib/runcmd.c is the library code which shouldn't change its behaviour. The
>> code in utils.c should be removed instead.
> 
> The attached patch removes the general escape handling code from
> utils.c, with the exception of "\!" as otherwise it wouldn't be possible
> to include a "!" inside an argument.
> 
> If you think this should be done differently then let me know and I'll
> amend the patch.
> 
>> On the other hand, the runcmd.c code should have a flag argument one can
>> use to tell it to ignore certain characters, with "ignore everything" to
>> be taken as "split on every whitespace-sequence and disregard quoting and
>> escaping entirely".
> 
> What's the use case for this?
> 

To run commands via execve() and let the executed command see exactly what
we want to pass to it. It would be a pretty simple thing to do and would
allow callers to either handle their own escaping or ignore it entirely.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231

Considering the successes of the wars on alcohol, poverty, drugs and
terror, I think we should give some serious thought to declaring war
on peace.

------------------------------------------------------------------------------
Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and
much more. Get web development skills now with LearnDevNow -
350+ hours of step-by-step video tutorials by Microsoft MVPs and experts.
SALE $99.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122812




More information about the Developers mailing list