Re: Process Regexp Problems

From: Brendan Strejcek
Subject: Re: Process Regexp Problems
Date: Tue, 13 Apr 2004 21:06:55 -0500
User-agent: Mutt/1.3.28i

Russell Adams wrote:

> The answer turned out to be:
>     "[0-9] /usr/sbin/cron"
> I tried various methods of detecting the brackets that failed
> miserably.

If you really wanted to match not-brackets you could do it with
a negated character class:

    $ echo '[' | egrep '[^[]'
    $ echo a | egrep '[^[]'
    $ echo ']' | egrep '[^]]'
    $ echo a | egrep '[^]]'
    $ echo '[/usr/sbin/cron]' | egrep '[^]]/usr/sbin/cron[^]]'
    $ echo a/usr/sbin/cronb | egrep '[^]]/usr/sbin/cron[^]]'

I'm not sure exactly why you would want to write a process regex in this
manner, but I enjoy regexes so I just thought I would throw it out there.

> This will suffice.

That will match non-root processes named /usr/sbin/cron also... an
attacker might be able to start a fake cron and fool cfagent into not
restarting a service which should be running. Not that this is a clear
and present danger or anything, but why take chances?
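
Added example, not part of the original message and not cfengine's own code: the pattern quoted above compared with a tighter one over constructed `ps -ef`-style lines, to show which process owners each accepts. Assumptions: the owner is the first column of the ps output being matched (the layout depends on the ps options in use on the platform), the `STRICT` pattern is a hypothetical alternative, and the sample lines and the user name `mallory` are constructed.

```shell
#!/bin/sh
# Constructed sample of `ps -ef`-style output (not captured from a real host).
# Assumption: the process owner is the first column, as in `ps -ef`.
PS_SAMPLE='root       612     1  0 Apr12 ?        00:00:03 /usr/sbin/cron
mallory   4821  4790  0 21:01 pts/3    00:00:00 /usr/sbin/cron
root      5010     1  0 21:05 ?        00:00:00 /usr/sbin/cron-helper
daemon     733     1  0 Apr12 ?        00:00:00 /usr/sbin/atd'

# Pattern from the thread: any line containing a digit, a space, then the path.
LOOSE='[0-9] /usr/sbin/cron'
# Hypothetical tighter pattern: the owner must be root (anchored at line start)
# and the command must end exactly at the path (anchored at line end).
STRICT='^root +[0-9]+ .*[0-9] /usr/sbin/cron$'

# Print the owner (first column) of every sample line the pattern matches,
# space-separated on one line.
matching_owners() {
    printf '%s\n' "$PS_SAMPLE" | grep -E -- "$1" | awk '{print $1}' | tr '\n' ' '
}

# Count the sample lines the pattern matches.
match_count() {
    printf '%s\n' "$PS_SAMPLE" | grep -E -c -- "$1"
}

echo "loose : $(match_count "$LOOSE") match(es), owners: $(matching_owners "$LOOSE")"
echo "strict: $(match_count "$STRICT") match(es), owners: $(matching_owners "$STRICT")"
```

The loose pattern also accepts the non-root line and the longer command name `/usr/sbin/cron-helper`; the anchored pattern accepts only the root-owned `/usr/sbin/cron` line.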
