Please sign in to comment.
Added patch to allow bash command substitutions, disabled by default.
Previously, if command arguments were enabled, NRPE would allow arguments of the form $(...), which would cause a bash command substitution and could be used for malicious intent. This patch adds both a configure-time option, --enable-bash-command-substitution, and a configuration file option, allow_bash_command_substitution. Both of these, along with the --enable-command-args configure-time option and the dont_blame_nrpe configuration file option must be enabled or arguments containing $( will be rejected. In addition, some clean-up of the configure.in script was done so options display nicely when the --help argument is specified to the configure script. This patch addresses bug #400.
- Loading branch information...
Showing with 5,913 additions and 3,195 deletions.
Oops, something went wrong.