Issue #4288 has been updated by Markus Roberts.
It isn't just that we want to see that the executable exists; we want to avoid the possibility of shell-injection attacks. The array form, which executes the requested executable with the specified arguments is both faster and safer than the "make it all into a string and hope the shell takes it apart the way you intended form. This was a conscious design decision on Luke's part, and I happen to agree with it. We shouldn't fall into the trap of trading security for convenience, especially when users can (as noted above) still explicitly evoke the shell if they want. ---------------------------------------- Bug #4288: Error if exec command starts with shell built-in like "if" http://projects.puppetlabs.com/issues/4288 Author: Alan Harder Status: Accepted Priority: Normal Assignee: Paul Berry Category: exec Target version: Affected version: 2.6.0 Keywords: Branch: <pre>exec { 'foo': command => 'if [ "abc" != "def" ]; then echo "this is a test"; fi', logoutput => true }</pre> With the above test case on 2.6.0rc4 (on Solaris 10 with ruby 1.8.7) I get: <pre>err: /Stage[main]//Node[...]/Exec[foo]/returns: change from notrun to 0 failed: Could not find executable 'no if in /usr/bin /usr/sbin'</pre> A command like this worked in 0.25.5.. is the behavior change intentional, or is this a bug? Side node: if I add whitespace at the front (command => ' if [ .....') then the error says *Could not find command ''* -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
