Syslog 3.1 has a hardcoded path for sh which causes issues running other scripts

Question

Syslog 3.1 has a hardcoded path for sh which causes issues running other scripts

bmfmancini opened this issue 4 years ago · 18 comments

Hey Everyone,

I ran into an issue with syslog 3.1 where it would execute a shell script but would not execute a python script
the Log would repport the script was executed without error but the script was not actually run
I even created a simple hello world script to log to a file same deal

I came across the below block of code and I notice that exec_background has a hardcoded path to /bin/sh
I removed that path still no go I changed

exec_background('/bin/sh', $command);

To

exec($command);

And that resolved my issue

See the original block

if ($alert['open_ticket'] == 'on' && strlen(read_config_option('syslog_ticket_command'))) {
									if (is_executable(read_config_option('syslog_ticket_command'))) {
										exec(read_config_option('syslog_ticket_command') .
											" --alert-name='" . clean_up_name($alert['name']) . "'" .
											" --severity='"   . $alert['severity'] . "'" .
											" --hostlist='"   . implode(',',$hostlist) . "'" .
											" --message='"    . $alert['message'] . "'");
									}
								}
							}
						}else{
							/* get a list of hosts impacted */
							$hostlist[] = $a['host'];
						}

						if (trim($alert['command']) != '' && !$ignore) {
							$command = alert_replace_variables($alert, $a);
							cacti_log("SYSLOG NOTICE: Executing '$command'", true, 'SYSTEM');
							exec_background('/bin/sh', $command);
						}
					}

Is there a reason to have the exec_background vs exec ?
I will send a pull request but just want to understand the original design

Thanks !

Answer 1 · 2021-03-08T21:37:59.000Z

exec_background is a Cacti function
https://github.com/Cacti/cacti/blob/ad7f9e7e30a5c55d3b09d807153377e41bfa294e/src/lib/poller.php#L132
that takes into account whether Cacti is running on Windows or Linux and what arguments are passed.

Answer 2 · 2021-03-08T21:52:26.000Z

Thanks @cigamit I will re-test with exec_background but I am sure the hardcoded shell path should be removed
not all script being run will be shell in my opinion

Answer 3 · 2021-03-08T21:56:38.000Z

Ah actually I noticed this

in syslog_process.php

the only files included are

include(dirname(FILE) . '/../../include/cli_check.php');
include(dirname(FILE) . '/config.php');
include_once(dirname(FILE) . '/functions.php');

I dont see poller.php being included which I would think would be required for that function to work
I dont see exec_background mentioned in any other file in the syslog files aside from setup.php

Answer 4 · 2021-03-08T21:58:25.000Z

Have you tried putting the python command (with full path) in front of the command?
so
/usr/bin/python /path/to/my/script.py

Answer 5 · 2021-03-08T22:01:10.000Z

yes it also fails until you removed the path to sh
I figure it must be running /bin/sh /usr/bin/python /path/to/script

Answer 6 · 2021-03-08T22:01:32.000Z

cli_check.php includes global.php, which then includes the lib/poller.php.

Otherwise you would be getting an error in your cacti log about it, and Cacti would be disabling the plugin.

Answer 7 · 2021-03-08T22:03:51.000Z

ah ok makes sense

Answer 8 · 2021-03-08T22:10:21.000Z

OK I just tried again with background_exec($command) that breaks it
log shows the command is being executed but doesnt
move that to exec($command) and back to working state

Answer 9 · 2021-03-08T22:11:43.000Z

ya, we may have a to make a change to pass "-c" tell /bin/sh that its a command as /bin/sh can execute python just fine like so

[root@localhost ~]# /bin/sh -c "/usr/bin/python ~/test.py"
Hello World
[root@localhost ~]# /bin/sh -c "~/test.py"
Hello World

Your other option for now is to wrap the python script in a shell executor

#!/bin/sh
/usr/bin/python /path/to/my/script.py

Answer 10 · 2021-03-08T22:13:31.000Z

So try changing it to
exec_background('/bin/sh -c ', '"' . $command . '"');

Answer 11 · 2021-03-08T22:16:35.000Z

That whole section does need to be changed though, as

It doesn't work on Windows
It allows arbitrary commands to be run

Answer 12 · 2021-03-08T22:17:58.000Z

So try changing it to
exec_background('/bin/sh -c ', '"' . $command . '"');

trying now

Answer 13 · 2021-03-08T22:20:34.000Z

No go

I did run that command using /bin/sh -c command manually as the apache user and it did execute the script
but not via php it will only work with exec($command)

Answer 14 · 2021-03-08T22:22:56.000Z

  if (trim($alert['command']) != '' && !$ignore) {
      $command = alert_replace_variables($alert, $a);
       cacti_log("SYSLOG NOTICE: Executing '$command'", true, 'SYSTEM'); 
      exec($command);#working
      #exec_background('/bin/sh -c ', '"' . $command . '"'); #not working

Answer 15 · 2021-03-09T23:30:20.000Z

Likely cause your Debian system is running 'dash' as it's default shell.

Answer 16 · 2021-03-09T23:56:07.000Z

This is a rhel system Default shell is bash though

…

On Tue., Mar. 9, 2021, 18:30 TheWitness, ***@***.***> wrote: Likely cause your Debian system is running 'dash' as it's default shell. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#151 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADGEXTCQTTPJ52KFP22GBK3TC2OQVANCNFSM4Y2E44OA> .

Answer 17 · 2022-03-23T23:53:17.000Z

Yea, makes no sense, pushing a workaround.

Answer 18 · 2022-03-23T23:54:42.000Z

Should be fixed now. Close if so.