[Xymon] Feature request: safe logfetch
J.C. Cleaver
cleaver at terabithia.org
Fri Dec 18 18:47:20 CET 2015
On Thu, December 17, 2015 10:31 pm, Jeremy Laidman wrote:
> On Fri, Dec 18, 2015 at 4:40 PM Thurston, John R (DOA) <
> john.thurston at alaska.gov> wrote:
>
>> Better, this behavior should be disallowed by default and enabled only
>> by
>> explicit action on the client. If you control the client, then it will
>> be
>> no big deal to enable on each host. If you don't control the client,
>> then
>> it should default to a closed configuration.
>
>
> I would agree, if backticks were a new feature. But we don't want to
> break
> things for installations that make use of this. Perhaps change the
> default
> for a major release?
>
> Also, I think the "secure" form of execution should be enhanced to be able
> to do globbing. In that way, many people will be able to convert from
> this:
>
> file:`echo /var/log/*/somefile`
>
> to this:
>
> file:/var/log/*/somefile
>
> without executing anything.
This is another excellent idea. glob() is straight out of POSIX as well,
which makes things easy-ish to add for any system halfway recent.
Regards,
-jc
More information about the Xymon
mailing list