Re: [Linux-ha-dev] [PATCH] Low: SAPInstance, SAPDatabase: Allow blanks in path of userexit script

Mon, 24 Jan 2011 07:48:28 -0800 

Hi,

On Mon, Jan 24, 2011 at 10:21:11AM +0100, Alexander Krauth wrote:
> # HG changeset patch
> # User Alexander Krauth <[email protected]>
> # Date 1295860568 -3600
> # Node ID 4f7a4a2e18ef5e79e9b444273d8a0ff556b40e43
> # Parent  f9bb7dc26c80aaae2711a1b66e1af7a92d33bbc6
> Low: SAPInstance,SAPDatabase: Allow blanks in path of userexit script

Why do you want to allow whitespace here? That doesn't really
add much in terms of flexibility.

> diff -r f9bb7dc26c80 -r 4f7a4a2e18ef heartbeat/SAPDatabase
> --- a/heartbeat/SAPDatabase   Wed Jan 19 18:42:22 2011 +0100
> +++ b/heartbeat/SAPDatabase   Mon Jan 24 10:16:08 2011 +0100
> @@ -541,7 +541,7 @@
>      if [ -x "$VALUE" ]

If there's whitespace in VALUE, then this test will fail.

>      then
>        ocf_log info "Calling userexit ${NAME} with customer script file 
> ${VALUE}"
> -      $VALUE >/dev/null 2>&1
> +      "$VALUE" >/dev/null 2>&1
>        ocf_log info "Exiting userexit ${NAME} with customer script file 
> ${VALUE}, returncode: $?"
>      else
>        ocf_log warn "Attribute ${NAME} is set to ${VALUE}, but this file is 
> not executable"
> diff -r f9bb7dc26c80 -r 4f7a4a2e18ef heartbeat/SAPInstance
> --- a/heartbeat/SAPInstance   Wed Jan 19 18:42:22 2011 +0100
> +++ b/heartbeat/SAPInstance   Mon Jan 24 10:16:08 2011 +0100
> @@ -448,7 +448,7 @@
>      if have_binary "$VALUE"

And this one too.

As Lars suggested, I'd opt for test -x "$VALUE" in both places
and not allow anything apart from the script in it. The script
could be invoked with some useful parameters such as SID or
whatever may be of interest.

Thanks,

Dejan

>      then
>        ocf_log info "Calling userexit ${NAME} with customer script file 
> ${VALUE}"
> -      $VALUE >/dev/null 2>&1
> +      "$VALUE" >/dev/null 2>&1
>        ocf_log info "Exiting userexit ${NAME} with customer script file 
> ${VALUE}, returncode: $?"
>      else
>        ocf_log warn "Attribute ${NAME} is set to ${VALUE}, but this file is 
> not executable"
> _______________________________________________________
> Linux-HA-Dev: [email protected]
> http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
> Home Page: http://linux-ha.org/
_______________________________________________________
Linux-HA-Dev: [email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/

Reply via email to