Re: [Linux-ha-dev] [PATCH] [PATCH]: Medium: SAPDatabase: Avoid continiuous output to syslog in monitor with SAP 7.20 and J2EE_ONLY=1

Fri, 14 Jan 2011 02:09:49 -0800 

On Fri, Jan 14, 2011 at 09:41:10AM +0100, Alexander Krauth wrote:
> # HG changeset patch
> # User Alexander Krauth <[email protected]>
> # Date 1294994461 -3600
> # Node ID 267ac174f72d7bfa9b98f573f2a8326ca53df0c2
> # Parent  f87ea003a238810f523effeec4b60205d82abe82
> [PATCH]: Medium: SAPDatabase: Avoid continiuous output to syslog in monitor 
> with SAP 7.20 and J2EE_ONLY=1
> 
> diff -r f87ea003a238 -r 267ac174f72d heartbeat/SAPDatabase
> --- a/heartbeat/SAPDatabase   Tue Jan 11 11:50:33 2011 +0100
> +++ b/heartbeat/SAPDatabase   Fri Jan 14 09:41:01 2011 +0100
> @@ -129,7 +129,7 @@
>    <content type="string" default="" />
>   </parameter>
>   <parameter name="DB_JARS" unique="1" required="0">
> -  <longdesc lang="en">The full qualified filename of the jdbc driver for the 
> database connection test. It will be automaticaly read from the 
> bootstrap.properties file in Java engine 6.40 and 7.00. For Java engine 7.10 
> the parameter is mandatory.</longdesc>
> +  <longdesc lang="en">The full qualified filename of the jdbc driver for the 
> database connection test. It will be automaticaly read from the 
> bootstrap.properties file in Java engine 6.40 and 7.00. For Java engine 7.10 
> and higher the parameter is mandatory.</longdesc>
>    <shortdesc lang="en">file name of the jdbc driver</shortdesc>
>    <content type="string" default="" />
>   </parameter>
> @@ -705,7 +705,7 @@
>  
>        if [ -n "$EXECMD" ]
>        then
> -        output=`eval ${JAVA_HOME}/bin/java -cp $MYCP $EXECMD`
> +        output=`eval ${JAVA_HOME}/bin/java -cp $MYCP $EXECMD 2> /dev/null`

Why does this use eval, at all?

I think using eval there is at least a bug, and may be a security concern,
depending on policy of what administrators of the cluster configuration
are allowed to do.

Same in
sapuserexit() {
  NAME="$1"
  VALUE="$2"

  if [ -n "$VALUE" ]
  then
    if [ -x "$VALUE" ]
    then
      ocf_log info "Calling userexit ${NAME} with customer script file ${VALUE}"
      eval "$VALUE" >/dev/null 2>&1

depending on the exact value of $VALUE, this eval will execute something
different from what you just test -x 'ed.  So that eval has to go there, too.

Both in SAPDatabase and in SAPInstance.

-- 
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com

DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.
_______________________________________________________
Linux-HA-Dev: [email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/

Reply via email to