Package: munin-plugins-core Version: 2.0.21-2 Severity: normal Dear Maintainer,
the munin plugin http_loadtime uses incorrect shell escaping of parameters. I noticed odd requests in my BIND log: error (unexpected RCODE SERVFAIL) resolving 'http_loadtime\".$searchlist/AAAA/IN': ... (where I replaced my default domain with $searchlist and the DNS server address with ...) I traced those requests to the munin plugin http_loadtime, which sets an environment variable for wget options like this: wget_opt="--user-agent \"Munin - http_loadtime\" --no-cache -q --delete-after" and expands them in this expression: loadtime=$(cd $TEMPO_DIR && $time_bin --quiet -f "%e" wget $wget_opt $target 2>&1) Apparently that doesn't work, as the double quote ends up in the arguments of wget. For comparison, equivalent commands in an interactive shell show what happens: kosh@cindy:/tmp$ export target=${target:-"http://localhost/"} kosh@cindy:/tmp$ export wget_opt="--user-agent \"Munin - http_loadtime\" --no-cache --delete-after" kosh@cindy:/tmp$ wget $wget_opt $target --2014-07-02 17:05:12-- http://-/ Resolving - (-)... failed: Name or service not known. wget: unable to resolve host address ‘-’ --2014-07-02 17:05:12-- http://http_loadtime%22/ Resolving http_loadtime" (http_loadtime")... failed: Name or service not known. wget: unable to resolve host address ‘http_loadtime"’ --2014-07-02 17:05:12-- http://localhost/ Resolving localhost (localhost)... ::1, 127.0.0.1 Connecting to localhost (localhost)|::1|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 550 [text/html] Saving to: ‘index.html’ 100%[=====================================================================================================================================================================================================>] 550 --.-K/s in 0s 2014-07-02 17:05:12 (140 MB/s) - ‘index.html’ saved [550/550] Removing index.html. FINISHED --2014-07-02 17:05:12-- Total wall clock time: 0.1s Downloaded: 1 files, 550 in 0s (140 MB/s) Cheers, Marc -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (745, 'testing'), (255, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages munin-plugins-core depends on: ii munin-common 2.0.21-2 ii perl 5.18.2-4 Versions of packages munin-plugins-core recommends: pn libnet-snmp-perl <none> Versions of packages munin-plugins-core suggests: ii conntrack 1:1.4.1-1 pn libnet-netmask-perl <none> pn libnet-telnet-perl <none> ii libxml-parser-perl 2.41-1+b2 ii python 2.7.6-2 ii ruby 1:2.1.0.1 ii ruby1.9.1 [ruby-interpreter] 1.9.3.484-2 ii ruby2.0 [ruby-interpreter] 2.0.0.484+really457-3 ii ruby2.1 [ruby-interpreter] 2.1.2-2 -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org