On 2014/04/21 11:00, Gavin Henry wrote: > > On 21 Apr 2014 10:30, "Paul Mansfield" <[email protected]> > wrote: > > > > I'd still use the security setting if possible even if you think it's > unnecessary... to avoid fat finger breakage. > > Yep, makes sense. >
This isn't exactly the highest quality code in the world anyway, but even the authors think that the option you need to set to allow this hole is dangerous enough that you need to compile it with a special argument, and set a config option to enable it, which has the following description: ------ # COMMAND ARGUMENT PROCESSING # This option determines whether or not the NRPE daemon will allow clients # to specify arguments to commands that are executed. This option only works # if the daemon was configured with the --enable-command-args configure script # option. # # *** ENABLING THIS OPTION IS A SECURITY RISK! *** # Read the SECURITY file for information on some of the security implications # of enabling this variable. # # Values: 0=do not allow arguments, 1=allow command arguments dont_blame_nrpe=0 ------
