From 0a3252d88d148a8cb21774cd3ae6a1cb1fbb004c Mon Sep 17 00:00:00 2001 From: awiddersheim Date: Tue, 22 Oct 2013 10:33:56 -0400 Subject: Fix trusted path When configuring the plugins you have the option to specify a trusted path with --with-trusted-path. This option seems to have been deprecated at some point for unknown reasons and had typically had no affect. This commit makes this option work again for those who have a desire to use it. There should be no affect on those who have not chosen to specify a trusted path. diff --git a/configure.in b/configure.in index 7e8c810..7562ca4 100644 --- a/configure.in +++ b/configure.in @@ -75,9 +75,8 @@ AC_DEFINE_UNQUOTED(CGIURL,"$CGIURL",[URL of CGI programs]) AC_ARG_WITH(trusted_path, ACX_HELP_STRING([--with-trusted-path=PATH], - [sets trusted path for executables called by scripts (default=/bin:/sbin:/usr/bin:/usr/sbin)]), - with_trusted_path=$withval, - with_trusted_path=/bin:/sbin:/usr/bin:/usr/sbin) + [sets trusted path for executables called by scripts]), + with_trusted_path=$withval) AC_SUBST(with_trusted_path) EXTRAS= diff --git a/plugins-scripts/check_breeze.pl b/plugins-scripts/check_breeze.pl index a4e8542..037060c 100755 --- a/plugins-scripts/check_breeze.pl +++ b/plugins-scripts/check_breeze.pl @@ -12,7 +12,7 @@ $PROGNAME = "check_breeze"; sub print_help (); sub print_usage (); -$ENV{'PATH'}=''; +$ENV{'PATH'}='@trusted_path@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_disk_smb.pl b/plugins-scripts/check_disk_smb.pl index 0c89db5..01c560e 100755 --- a/plugins-scripts/check_disk_smb.pl +++ b/plugins-scripts/check_disk_smb.pl @@ -32,7 +32,7 @@ sub print_usage (); $PROGNAME = "check_disk_smb"; -$ENV{'PATH'}=''; +$ENV{'PATH'}='@trusted_path@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_file_age.pl b/plugins-scripts/check_file_age.pl index dcd5efa..37bbe86 100755 --- a/plugins-scripts/check_file_age.pl +++ b/plugins-scripts/check_file_age.pl @@ -37,6 +37,10 @@ my ($result, $message, $age, $size, $st); $PROGNAME="check_file_age"; +$ENV{'PATH'}='@trusted_path@'; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; + $opt_w = 240; $opt_c = 600; $opt_W = 0; diff --git a/plugins-scripts/check_flexlm.pl b/plugins-scripts/check_flexlm.pl index 54d933c..0597377 100755 --- a/plugins-scripts/check_flexlm.pl +++ b/plugins-scripts/check_flexlm.pl @@ -43,7 +43,7 @@ $PROGNAME="check_flexlm"; sub print_help (); sub print_usage (); -$ENV{'PATH'}=''; +$ENV{'PATH'}='@trusted_path@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_ifoperstatus.pl b/plugins-scripts/check_ifoperstatus.pl index 588993b..452911b 100755 --- a/plugins-scripts/check_ifoperstatus.pl +++ b/plugins-scripts/check_ifoperstatus.pl @@ -47,6 +47,10 @@ sub usage ($); sub print_usage (); sub process_arguments (); +$ENV{'PATH'}='@trusted_path@'; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; + my $timeout; my $status; my %ifOperStatus = ('1','up', diff --git a/plugins-scripts/check_ifstatus.pl b/plugins-scripts/check_ifstatus.pl index 63c71ff..421580a 100755 --- a/plugins-scripts/check_ifstatus.pl +++ b/plugins-scripts/check_ifstatus.pl @@ -46,6 +46,9 @@ sub usage ($); sub print_usage (); sub process_arguments (); +$ENV{'PATH'}='@trusted_path@'; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; my $status; my %ifOperStatus = ('1','up', diff --git a/plugins-scripts/check_ircd.pl b/plugins-scripts/check_ircd.pl index 42a9bca..f80c5c6 100755 --- a/plugins-scripts/check_ircd.pl +++ b/plugins-scripts/check_ircd.pl @@ -63,9 +63,9 @@ sub bindRemote ($$); # -------------------------------------------------------------[ Enviroment ]-- -$ENV{PATH} = ""; -$ENV{ENV} = ""; -$ENV{BASH_ENV} = ""; +$ENV{'PATH'}='@trusted_path@'; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; # -----------------------------------------------------------------[ Global ]-- diff --git a/plugins-scripts/check_log.sh b/plugins-scripts/check_log.sh index a1bfb48..a9ff06a 100755 --- a/plugins-scripts/check_log.sh +++ b/plugins-scripts/check_log.sh @@ -57,8 +57,6 @@ # Paths to commands used in this script. These # may have to be modified to match your system setup. -# TV: removed PATH restriction. Need to think more about what this means overall -#PATH="" ECHO="/bin/echo" GREP="/bin/egrep" @@ -72,6 +70,7 @@ TOUCH="/bin/touch" PROGNAME=`/bin/basename $0` PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` REVISION="@NP_VERSION@" +PATH="@trusted_path@" . $PROGPATH/utils.sh diff --git a/plugins-scripts/check_mailq.pl b/plugins-scripts/check_mailq.pl index 31eb46a..1d0a3ad 100755 --- a/plugins-scripts/check_mailq.pl +++ b/plugins-scripts/check_mailq.pl @@ -39,7 +39,7 @@ sub print_help (); sub print_usage (); sub process_arguments (); -$ENV{'PATH'}=''; +$ENV{'PATH'}='@trusted_path@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; $PROGNAME = "check_mailq"; diff --git a/plugins-scripts/check_mssql.pl b/plugins-scripts/check_mssql.pl index 9a8fc51..4486149 100755 --- a/plugins-scripts/check_mssql.pl +++ b/plugins-scripts/check_mssql.pl @@ -35,6 +35,10 @@ use strict; my $PROGNAME = "check_mssql"; +$ENV{'PATH'}='@trusted_path@'; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; + my ( $server,$database,$username,$password,$query,$help,$verbose,$timeout, $dbh,$sth,$row, diff --git a/plugins-scripts/check_netdns.pl b/plugins-scripts/check_netdns.pl index ecdbdb1..9871a9a 100755 --- a/plugins-scripts/check_netdns.pl +++ b/plugins-scripts/check_netdns.pl @@ -32,6 +32,10 @@ use utils ; my $PROGNAME = "check_netdns"; +$ENV{'PATH'}='@trusted_path@'; +$ENV{'BASH_ENV'}=''; +$ENV{'ENV'}=''; + Getopt::Long::Configure(`bundling`); GetOptions("V" => $opt_V, "version" => $opt_V, "h" => $opt_h, "help" => $opt_h, diff --git a/plugins-scripts/check_ntp.pl b/plugins-scripts/check_ntp.pl index 5c87e0a..cdcbffa 100755 --- a/plugins-scripts/check_ntp.pl +++ b/plugins-scripts/check_ntp.pl @@ -69,7 +69,7 @@ $PROGNAME="check_ntp"; sub print_help (); sub print_usage (); -$ENV{'PATH'}=''; +$ENV{'PATH'}='@trusted_path@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/check_oracle.sh b/plugins-scripts/check_oracle.sh index 2a8ab21..f5302e3 100755 --- a/plugins-scripts/check_oracle.sh +++ b/plugins-scripts/check_oracle.sh @@ -9,6 +9,7 @@ PROGNAME=`basename $0` PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` REVISION="@NP_VERSION@" +PATH="@trusted_path@" . $PROGPATH/utils.sh diff --git a/plugins-scripts/check_rpc.pl b/plugins-scripts/check_rpc.pl index d2701e9..e09754d 100755 --- a/plugins-scripts/check_rpc.pl +++ b/plugins-scripts/check_rpc.pl @@ -36,9 +36,9 @@ sub print_help (); sub print_usage (); sub in ($$); -$ENV{'BASH_ENV'}=''; +$ENV{'PATH'}='@trusted_path@'; +$ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; -$ENV{'PATH'}=''; $ENV{'LC_ALL'}='C'; #Initialise protocol for each progname number diff --git a/plugins-scripts/check_sensors.sh b/plugins-scripts/check_sensors.sh index 874e104..53db9b4 100755 --- a/plugins-scripts/check_sensors.sh +++ b/plugins-scripts/check_sensors.sh @@ -1,14 +1,13 @@ #!/bin/sh -PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin - PROGNAME=`basename $0` PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` REVISION="@NP_VERSION@" +TRUSTED_PATH="@trusted_path@" +PATH=${TRUSTED_PATH:-"/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"} . $PROGPATH/utils.sh - print_usage() { echo "Usage: $PROGNAME" [--ignore-fault] } diff --git a/plugins-scripts/check_wave.pl b/plugins-scripts/check_wave.pl index 2671112..8f9a4da 100755 --- a/plugins-scripts/check_wave.pl +++ b/plugins-scripts/check_wave.pl @@ -15,7 +15,7 @@ $PROGNAME = "check_wave"; sub print_help (); sub print_usage (); -$ENV{'PATH'}=''; +$ENV{'PATH'}='@trusted_path@'; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; diff --git a/plugins-scripts/subst.in b/plugins-scripts/subst.in index a70ad88..49a95ca 100644 --- a/plugins-scripts/subst.in +++ b/plugins-scripts/subst.in @@ -61,18 +61,9 @@ BEGIN { # add to libexecdir to INC for perl utils.pm /^use/ { if (/lib/) { if (/utils.pm|"."/ ) {sub(/utils.pm|"."/,led() )} } } - -# Trusted path mechanism (deprecated) - -/^[ \t]*\$ENV[ \t]*\{[ \t'"]*PATH[ \t"']*\}[ \t]*=/ { - sub(/\=[ \t]*['"][^"']+["']/,"='@with_trusted_path@' # autoconf-derived"); -} - -/^[\t ]*(export[\t ]*)?PATH[\t ]*=['"]+.+["']$/ { - sub(/\=.*$/,"='@with_trusted_path@' # autoconf-derived"); -} +# Trusted path mechanism +/@trusted_path@/ {sub(/@trusted_path@/,"@with_trusted_path@");} { print; } - -- cgit v0.10-9-g596f