I diagree with you again. Even a sysadmin can add a file by mistake and cause
great
damage. THe way it works now, you have to do some work to make a mistake. This
is a
sensible precaution.
Bas van der Vlies wrote:
> On 04-06-10 13:40, Mark Burgess wrote:
>> It is a security risk to accept any file as input to a program that has root
>> privilege.
>> If you work around this, do so at your own risk.
>>
>
> Mark i agree with Vasiliy. I had a former discussion about this a couple a
> months ago. Somebody said also it is a security risk. I do not agree with
> it. You have to be some kind of adminstrator to put files in this
> directory. So if somebody can put a file here. You have already a security
> risk. If you have methods input files it can be handy to have a glob input
> statement.
>
> Maybe we can make option for it. default is no and if you want this
> feature it can be turned on.
>
>
>
>
>> Vasiliy G Tolstov wrote:
>>> В Птн, 04/06/2010 в 13:12 +0400, Vasiliy G Tolstov пишет:
>>>> How can i use * pattern in inputs?
>>>>
>>>> I do not want to specify all files in config file, rather i want to
>>>> inputs => { "xxx/*.cf" };
>>>>
>>>> (cfengine 3.0.4)
>>>>
>>> Ok. Because authors of cfengine not like * in inputs, work around:
>>> "soft" slist =>
>>> splitstring(execresult("/usr/bin/find /var/cfengine/inputs/soft/ -type f
>>> -and -name '*.cf'","noshell")," ",99999999);
>>>
>>>
>>> But my question - why not add this feature to cfengine?
>>>
>
>
--
Mark Burgess
-------------------------------------------------
Professor of Network and System Administration
Oslo University College, Norway
Personal Web: http://www.iu.hio.no/~mark
Office Telf : +47 22453272
-------------------------------------------------
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
