On Fri, Feb 07, 2003 at 02:33:21PM -0500, Jerry Grooms wrote:
> 
> Ok, I know this is more precisely a perl question, but bear with me...
> 
> I've had mon running for quite a while on several hosts with nary a
> problem.  On a new install on a new host, when invoking an unmodified
> monshow client, I'm getting:
> 
>      server: myhost.my.domain
>        time: Fri Feb  7 14:23:38 2003
>       state: scheduler running
> Insecure dependency in eval while running with -T switch at ./monshow.orig line 1168.
> 
> (due to the -T switch that monshow uses by default)
> 
> apparently telling me I have some "tainted" data.
> 
> 
> I've looked at the mentioned code and I've poked around a bit and
> it's not apparent to me why this would be.

I think this piece of code causes you trouble:

------------------------------------------------------------------------
        if (!$CGI)
        {
            $fmt = <<EOF;
format STDOUT =
@ @<<<<<<<<<<<<<< @<<<<<<<<<<< @<<<<<<<<<  @<<<<<<<   @<<<<<<<<< @<<<   @
EOF
            chomp $fmt;
            $fmt .= "<" x length($SUMMARY) . "\n";
            $fmt .= <<'EOF';
$DEP, $GROUP, $SERVICE, $STATUS, $TIME, $NEXT, $ALERTS, $SUMMARY
.
EOF
            eval $fmt;
            write;
        }
------------------------------------------------------------------------

You can untaint $fmt by putting the following line just before eval $fmt :


               $fmt =~ /(.*)/s ; $fmt = $1;


Regards,

-- 
Konstantin 'Kastus' Shchuka
Unix System Administrator
ePocrates Inc.
tel 650.227.1786
fax 650.592.6995
_______________________________________________
mon mailing list
[EMAIL PROTECTED]
http://linux.kernel.org/mailman/listinfo/mon
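An added example, not part of the original message or of monshow itself: the same eval-a-format pattern under -T, where only the number that controls the field width is passed through a digits-only pattern, so the string handed to eval is built from literals and a checked integer. It assumes the summary text is the tainted input; field_width, build_format and the sample values are hypothetical.

```perl
#!/usr/bin/perl
# Run with taint mode on the command line:  perl -T taint_format.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

our ($STATUS, $SUMMARY);

# Return the field width as an untainted integer, capped at $max.
# Values derived from tainted data are tainted too, so the length is
# re-captured through a pattern that only digits can pass.
sub field_width {
    my ($text, $max) = @_;
    my $len = length $text;
    $len =~ /\A(\d+)\z/ or die "unexpected length value\n";
    my $n = $1;                      # capture groups are untainted
    return $n > $max ? $max : $n;
}

# Build the format source from literals plus the checked width only.
sub build_format {
    my ($width) = @_;
    die "width must be untainted\n" if tainted($width);
    return "format STDOUT =\n"
         . '@<<<<<<<<< @' . ('<' x $width) . "\n"
         . '$STATUS, $SUMMARY' . "\n"
         . ".\n";
}

# Constructed sample data. Appending a zero-length tainted string
# ($0 and $^X are tainted under -T) marks $SUMMARY as tainted.
$STATUS  = "FAIL";
$SUMMARY = "disk /var at 97%" . substr("$0$^X", 0, 0);

my $width = field_width($SUMMARY, 60);
my $fmt   = build_format($width);

printf "summary tainted: %s\n", tainted($SUMMARY) ? "yes" : "no";
printf "format tainted:  %s\n", tainted($fmt)     ? "yes" : "no";

eval $fmt;          # accepted under -T because $fmt is not tainted
die $@ if $@;
write;              # the tainted summary is only printed, never evaluated
```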
