On Thu, December 17, 2015 10:31 pm, Jeremy Laidman wrote:
On Fri, Dec 18, 2015 at 4:40 PM Thurston, John R (DOA) <
user-ce4d79d99bab@xymon.invalid> wrote:
Better, this behavior should be disallowed by default and enabled only
by
explicit action on the client. If you control the client, then it will
be
no big deal to enable on each host. If you don't control the client,
then
it should default to a closed configuration.
I would agree, if backticks were a new feature. But we don't want to
break
things for installations that make use of this. Perhaps change the
default
for a major release?
Also, I think the "secure" form of execution should be enhanced to be able
to do globbing. In that way, many people will be able to convert from
this:
file:`echo /var/log/*/somefile`
to this:
file:/var/log/*/somefile
without executing anything.
This is another excellent idea. glob() is straight out of POSIX as well,
which makes things easy-ish to add for any system halfway recent.
Regards,
-jc