Package: munin-plugins-core
Version: 2.0.21-2
Severity: normal
Dear Maintainer,
the munin plugin http_loadtime uses incorrect shell escaping of parameters.
I noticed odd requests in my BIND log:
error (unexpected RCODE SERVFAIL) resolving
'http_loadtime\".$searchlist/AAAA/IN': ...
(where I replaced my default domain with $searchlist and the DNS server address
with ...)
I traced those requests to the munin plugin http_loadtime, which sets an
environment variable for wget options like this:
wget_opt="--user-agent \"Munin - http_loadtime\" --no-cache -q --delete-after"
and expands them in this expression:
loadtime=$(cd $TEMPO_DIR && $time_bin --quiet -f "%e" wget $wget_opt $target
2>&1)
Apparently that doesn't work, as the double quote ends up in the arguments of
wget.
For comparison, equivalent commands in an interactive shell show what happens:
kosh@cindy:/tmp$ export target=${target:-"http://localhost/"}
kosh@cindy:/tmp$ export wget_opt="--user-agent \"Munin - http_loadtime\"
--no-cache --delete-after"
kosh@cindy:/tmp$ wget $wget_opt $target
--2014-07-02 17:05:12-- http://-/
Resolving - (-)... failed: Name or service not known.
wget: unable to resolve host address ‘-’
--2014-07-02 17:05:12-- http://http_loadtime%22/
Resolving http_loadtime" (http_loadtime")... failed: Name or service not known.
wget: unable to resolve host address ‘http_loadtime"’
--2014-07-02 17:05:12-- http://localhost/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 550 [text/html]
Saving to: ‘index.html’
100%[=====================================================================================================================================================================================================>]
550 --.-K/s in 0s
2014-07-02 17:05:12 (140 MB/s) - ‘index.html’ saved [550/550]
Removing index.html.
FINISHED --2014-07-02 17:05:12--
Total wall clock time: 0.1s
Downloaded: 1 files, 550 in 0s (140 MB/s)
Cheers,
Marc
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (745, 'testing'), (255, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages munin-plugins-core depends on:
ii munin-common 2.0.21-2
ii perl 5.18.2-4
Versions of packages munin-plugins-core recommends:
pn libnet-snmp-perl <none>
Versions of packages munin-plugins-core suggests:
ii conntrack 1:1.4.1-1
pn libnet-netmask-perl <none>
pn libnet-telnet-perl <none>
ii libxml-parser-perl 2.41-1+b2
ii python 2.7.6-2
ii ruby 1:2.1.0.1
ii ruby1.9.1 [ruby-interpreter] 1.9.3.484-2
ii ruby2.0 [ruby-interpreter] 2.0.0.484+really457-3
ii ruby2.1 [ruby-interpreter] 2.1.2-2
-- no debconf information
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
