On Mon, 10 Oct 2016, Michael Rash michael.rash-at-gmail.com |fwknop| wrote: ... > I've attached a patch against 2.6.5 that fixes the problem. It was a bug > where exit() was not being called upon an execvpe() error. This caused an > extra copy of fwknopd to be left around. This has been pushed to master, > and is a fairly important fix I think - thanks for reporting this.
Right, after that patch I don't get the error any more. > The CMD_REGEX feature was from the old perl version of fwknop, and was easy > because regex's naturally built into perl. But, in the C version of fwknop, > one important design goal is to minimize library dependencies, so there > would need to be compelling reasons to link against libpcre. I think a good > middle ground here would be to just require a substring match at the > beginning of what the user provides via a SPA packet - just to validate the > full path of whatever command is being sent. This could be used to require > sudo, etc. Yes, I agree that regex is more than what is required at this level. If there is ever a need for it at all, a substring match can direct fwknopd to a perl/python/sed/awk/etc script. Thanks for your quick work. Stephen Isard ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Fwknop-discuss mailing list Fwknop-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
