[Xymon] Feature request: safe logfetch

J.C. Cleaver cleaver at terabithia.org
Fri Dec 18 18:47:20 CET 2015


On Thu, December 17, 2015 10:31 pm, Jeremy Laidman wrote:
> On Fri, Dec 18, 2015 at 4:40 PM Thurston, John R (DOA) <
> john.thurston at alaska.gov> wrote:
>
>> Better, this behavior should be disallowed by default and enabled only
>> by
>> explicit action on the client. If you control the client, then it will
>> be
>> no big deal to enable on each host. If you don't control the client,
>> then
>> it should default to a closed configuration.
>
>
> I would agree, if backticks were a new feature.  But we don't want to
> break
> things for installations that make use of this.  Perhaps change the
> default
> for a major release?
>
> Also, I think the "secure" form of execution should be enhanced to be able
> to do globbing.  In that way, many people will be able to convert from
> this:
>
>   file:`echo /var/log/*/somefile`
>
> to this:
>
>   file:/var/log/*/somefile
>
> without executing anything.


This is another excellent idea. glob() is straight out of POSIX as well,
which makes things easy-ish to add for any system halfway recent.


Regards,
-jc




More information about the Xymon mailing list