[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fwknop-discuss
Subject:    Re: [Fwknop-discuss] Could not open digest cache
From:       "Stephen Isard" <xkyr47rbma () snkmail ! com>
Date:       2016-10-11 15:34:45
Message-ID: 30697-1476200199-530435 () sneakemail ! com
[Download RAW message or body]

On Mon, 10 Oct 2016, Michael Rash michael.rash-at-gmail.com |fwknop| wrote:
...
> I've attached a patch against 2.6.5 that fixes the problem. It was a bug
> where exit() was not being called upon an execvpe() error. This caused an
> extra copy of fwknopd to be left around. This has been pushed to master,
> and is a fairly important fix I think - thanks for reporting this.

Right, after that patch I don't get the error any more.

> The CMD_REGEX feature was from the old perl version of fwknop, and was easy
> because regex's naturally built into perl. But, in the C version of fwknop,
> one important design goal is to minimize library dependencies, so there
> would need to be compelling reasons to link against libpcre. I think a good
> middle ground here would be to just require a substring match at the
> beginning of what the user provides via a SPA packet - just to validate the
> full path of whatever command is being sent. This could be used to require
> sudo, etc.

Yes, I agree that regex is more than what is required at this level. 
If there is ever a need for it at all, a substring match can direct 
fwknopd to a perl/python/sed/awk/etc script.

Thanks for your quick work.

Stephen Isard



------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Fwknop-discuss mailing list
Fwknop-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
[prev in list] [next in list] [prev in thread] [next in thread]