Ensure that hostnames used for ping-tests are valid - to avoid the security hole.

author: Steve Kemp <steve@steve.org.uk> 2012-11-19 14:07:01 +0000
committer: Steve Kemp <steve@steve.org.uk> 2012-11-19 14:07:01 +0000
commit: 04297853c0804cada299bf233f760d9debc01a25 (patch)
tree: 8428c574d2d43c932cc3cb258136f21e73376785 /lib/custodian/parser.rb
parent: 495c59efb1522699f978cabe28b42adf9014f492 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/custodian/parser.rb b/lib/custodian/parser.rb
index 77adc48..ea25c3a 100644
--- a/lib/custodian/parser.rb
+++ b/lib/custodian/parser.rb
@@ -373,6 +373,16 @@ class MonitorConfig
           :timeout     => @timeout
         }
 
+        #
+        # Sanity check the hostname for ping-tests, to
+        # avoid this security hole:
+        #
+        #   $(/tmp/exploit.sh) must run ping ..
+        #
+        if ( service == "ping" )
+          raise ArgumentError, "Invalid hostname for ping-test: #{host}" unless( host =~ /^([a-zA-Z0-9:\-\.]+)$/ )
+        end
+
 
         #
         #  Alert text will have a default, which may be overridden.
author	Steve Kemp <steve@steve.org.uk>	2012-11-19 14:07:01 +0000
committer	Steve Kemp <steve@steve.org.uk>	2012-11-19 14:07:01 +0000
commit	04297853c0804cada299bf233f760d9debc01a25 (patch)
tree	8428c574d2d43c932cc3cb258136f21e73376785 /lib/custodian/parser.rb
parent	495c59efb1522699f978cabe28b42adf9014f492 (diff)