On Fri, Dec 18, 2015 at 4:40 PM Thurston, John R (DOA) <
user-ce4d79d99bab@xymon.invalid> wrote:
Better, this behavior should be disallowed by default and enabled only by
explicit action on the client. If you control the client, then it will be
no big deal to enable on each host. If you don't control the client, then
it should default to a closed configuration.
I would agree, if backticks were a new feature. But we don't want to break
things for installations that make use of this. Perhaps change the default
for a major release?
Also, I think the "secure" form of execution should be enhanced to be able
to do globbing. In that way, many people will be able to convert from this:
file:`echo /var/log/*/somefile`
to this:
file:/var/log/*/somefile
without executing anything.