Issue #5981 has been updated by Luke Kanies.
This is the entire point of the 'symlinks => follow' option - we default to managing symlinks, but we give the user to option to expose themselves to this attack. ---------------------------------------- Bug #5981: Puppet shouldn't overwrite symlinks when specifying content and follow is on. https://projects.puppetlabs.com/issues/5981 Author: Nigel Kersten Status: Needs design decision Priority: High Assignee: Nigel Kersten Category: Target version: 2.6.x Affected Puppet version: Keywords: Branch: Illustration of the issue: <pre> kripke:~ nbk$ echo "target" > /tmp/target kripke:~ nbk$ ln -s /tmp/target /tmp/symlink kripke:~ nbk$ ls -l /tmp/target /tmp/symlink lrwxr-xr-x 1 nbk wheel 11 Jan 23 14:43 /tmp/symlink -> /tmp/target -rw-r--r-- 1 nbk wheel 7 Jan 23 14:43 /tmp/target </pre> <pre> kripke:~ nbk$ puppet --version 2.6.4 kripke:~ nbk$ cat /tmp/test.pp file { "/tmp/symlink": ensure => present, backup => false, links => follow, content => "content", } kripke:~ nbk$ puppet apply -v /tmp/test.pp info: Applying configuration version '1295823089' notice: /Stage[main]//File[/tmp/symlink]/content: content changed '{md5}80fb1dd0b20823f1d83e10d25840e2e4' to '{md5}9a0364b9e99bb480dd25e1f0284c8555' kripke:~ nbk$ ls -la /tmp/target /tmp/symlink -rw-r--r-- 1 nbk wheel 7 Jan 23 14:51 /tmp/symlink -rw-r--r-- 1 nbk wheel 7 Jan 23 14:47 /tmp/target </pre> So even though we're not managing the symlink, and we've only got ensure set to "present", and we have links set to follow, Puppet overwrites the symlink with the contents, rather than the target. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
