Re: Process Regexp Problems

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Process Regexp Problems

From:	Brendan Strejcek
Subject:	Re: Process Regexp Problems
Date:	Tue, 13 Apr 2004 21:06:55 -0500
User-agent:	Mutt/1.3.28i

Russell Adams wrote:

> The answer turned out to be:
> 
>     "[0-9] /usr/sbin/cron"
> 
> I tried various methods of detecting the brackets that failed
> miserably.

If you really wanted to match not-brackets you could do it with
a negated character class:

    $ echo '[' | egrep '[^[]'
    $ echo a | egrep '[^[]'
    a
    $ echo ']' | egrep '[^]]'
    $ echo a | egrep '[^]]'
    a
    $ echo '[/usr/sbin/cron]' | egrep '[^]]/usr/sbin/cron[^]]'
    $ echo a/usr/sbin/cronb | egrep '[^]]/usr/sbin/cron[^]]'
    a/usr/sbin/cronb

I'm not sure exactly why you would want to write a process regex in this
manner, but I enjoy regexs so I just thought I would throw it out there.

> This will suffice.

That will match non-root processes named /usr/sbin/cron also... an
atacker might be able to start a fake cron and fool cfagent into not
restarting a service which should be running. Not that this is a clear
and present danger or anything, but why take chances?

[Prev in Thread]

Current Thread

[Next in Thread]

Process Regexp Problems, Russell Adams, 2004/04/13
- Re: Process Regexp Problems, Kurt Lieber, 2004/04/13
- Re: Process Regexp Problems, Brendan Strejcek, 2004/04/13
- Re: Process Regexp Problems, Russell Adams, 2004/04/13
  - Re: Process Regexp Problems, Brendan Strejcek <=

Prev by Date: Re: Process Regexp Problems
Next by Date: Re: Cfengine sources
Previous by thread: Re: Process Regexp Problems
Next by thread: Version as a special variable w/patch
Index(es):
- Date
- Thread