Commit [eaaebb]  Maximize  Restore  History

Added patch to allow bash command substitutions, disabled by default.

Previously, if command arguments were enabled, NRPE would allow arguments
of the form $(...), which would cause a bash command substitution and could
be used for malicious intent. This patch adds both a configure-time option,
--enable-bash-command-substitution, and a configuration file option,
allow_bash_command_substitution. Both of these, along with the
--enable-command-args configure-time option and the dont_blame_nrpe
configuration file option must be enabled or arguments containing $(
will be rejected.

In addition, some clean-up of the configure.in script was done so options
display nicely when the --help argument is specified to the configure script.

This patch addresses bug #400.

Eric Stanley Eric Stanley 2012-12-17

changed Changelog
changed SECURITY
changed configure
changed configure.in
changed include/config.h.in
changed sample-config/nrpe.cfg.in
changed src/nrpe.c
Changelog Diff Switch to side-by-side view
Loading...
SECURITY Diff Switch to side-by-side view
Loading...
configure Diff Switch to side-by-side view
Loading...
configure.in Diff Switch to side-by-side view
Loading...
include/config.h.in Diff Switch to side-by-side view
Loading...
sample-config/nrpe.cfg.in Diff Switch to side-by-side view
Loading...
src/nrpe.c Diff Switch to side-by-side view
Loading...

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks