Re: glob in inputs

Fri, 04 Jun 2010 05:10:04 -0700 

On 04-06-10 13:58, Mark Burgess wrote:
>
> I diagree with you again. Even a sysadmin can add a file by mistake and cause 
> great
> damage. THe way it works now, you have to do some work to make a mistake. 
> This is a
> sensible precaution.
>
It was not a discussion with you ;-). A sysadmin can make many mistakes, 
eg: Override a existing configuration file with also can cause great damage.

In cf3 you have also add the bundle/method to the bundlesequence so the 
impact is to my knowledge rather low if you put a new file here and of 
course everything is well tested before you put your new config into 
production.

> Bas van der Vlies wrote:


>> On 04-06-10 13:40, Mark Burgess wrote:
>>> It is a security risk to accept any file as input to a program that has 
>>> root privilege.
>>> If you work around this, do so at your own risk.
>>>
>>
>> Mark i agree with Vasiliy. I had a former discussion about this a couple a
>> months ago. Somebody said also it is a security risk. I do not agree with
>> it. You have to be some kind of adminstrator to put files in this
>> directory. So if somebody can put a file here. You have already a security
>> risk. If you have methods input files it can be handy to have a glob input
>> statement.
>>
>> Maybe we can make option for it.  default is no and if you want this
>> feature it can be turned on.
>>
>>
>>
>>
>>> Vasiliy G Tolstov wrote:
>>>> В Птн, 04/06/2010 в 13:12 +0400, Vasiliy G Tolstov пишет:
>>>>> How can i use * pattern in inputs?
>>>>>
>>>>> I do not want to specify all files in config file, rather i want to
>>>>> inputs =>   { "xxx/*.cf" };
>>>>>
>>>>> (cfengine 3.0.4)
>>>>>
>>>> Ok. Because authors of cfengine not like * in inputs, work around:
>>>> "soft" slist =>
>>>> splitstring(execresult("/usr/bin/find /var/cfengine/inputs/soft/ -type f
>>>> -and -name '*.cf'","noshell")," ",99999999);
>>>>
>>>>
>>>> But my question - why not add this feature to cfengine?
>>>>
>>
>>
>


-- 
********************************************************************
*  Bas van der Vlies                    e-mail: b...@sara.nl       *
*  SARA - Academic Computing Services   Amsterdam, The Netherlands *
********************************************************************
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine

Reply via email to