Issue #5495 has been updated by James Turnbull.

Status changed from Accepted to Needs Decision
Assignee set to Nigel Kersten

Nigel - see Support URL addition.
----------------------------------------
Bug #5495: Exec resource searches CWD when testing file attributes of executables
https://projects.puppetlabs.com/issues/5495

Author: Luke Bigum
Status: Needs Decision
Priority: Normal
Assignee: Nigel Kersten
Category: exec
Target version:
Affected Puppet version: 2.6.3
Keywords:
Branch:

I've noticed a problem where Exec resources that use an explicit or global default path seem to search the current working directory when testing the attributes on executable commands as part of 'unless', 'onlyif' or 'command' parameters where the binary is unqualified (e.g. "grep" vs "/bin/grep"). If the current working directory contains a file of the same name as what is to be executed in the Puppet manifest, then it may cause the Ruby sanity tests in type/exec.rb to fail. See the following terminal log for a demonstration:

    [root@host ~]# pwd
    /root
    [root@host ~]# cat test.pp
    exec { "test Exec":
        path => "/usr/sbin:/usr/bin:/sbin:/bin",
        command => "echo Woof",
        onlyif => "grep localhost /etc/hosts",
    }
    [root@host ~]# puppet apply test.pp
    notice: /Stage[main]//Exec[test Exec]/returns: executed successfully
    [root@host ~]# touch grep
    [root@host ~]# puppet apply test.pp
    err: /Stage[main]//Exec[test Exec]: Could not evaluate: 'grep' is not executable
    [root@host ~]# rm grep
    rm: remove regular empty file `grep'? y
    [root@host ~]# touch echo
    [root@host ~]# puppet apply test.pp
    err: /Stage[main]//Exec[test Exec]/returns: change from notrun to 0 failed: 'echo' is not executable
    [root@host ~]# rm echo
    rm: remove regular empty file `echo'? y
    [root@host ~]# puppet apply test.pp
    notice: /Stage[main]//Exec[test Exec]/returns: executed successfully

From what I can tell this is not a security issue though. I've tried embedding a shell script of the same name as the binary in the CWD but it looks like it's probably only the Ruby FileTest that has the problem, not the actual execution of binaries:

    [root@host ~]# pwd
    /root
    [root@host ~]# cat grep
    #!/bin/bash
    touch Done_bad_stuff
    [root@host ~]# cat test.pp
    exec { "test Exec":
        path => "/usr/sbin:/usr/bin:/sbin:/bin",
        command => "echo Woof",
        onlyif => "grep localhost /etc/hosts",
    }
    [root@host ~]# puppet apply test.pp
    notice: /Stage[main]//Exec[test Exec]/returns: executed successfully
    [root@host ~]# ls -ld Done_bad_stuff
    ls: Done_bad_stuff: No such file or directory
    [root@host ~]#
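
Added example, not part of the original report and not Puppet's own code: a Ruby sketch of the behaviour described above, where a file-attribute test on a bare command name is answered by a same-named file in the current working directory, next to a check that consults only absolute entries of the configured path. The function names and the temporary directories are assumptions constructed for the illustration.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical pre-flight check that tests the bare name as given.
# A relative name is resolved against the current working directory.
def naive_check(exe)
  return :ok unless File.exist?(exe)            # nothing in CWD shadows the name
  File.executable?(exe) ? :ok : :not_executable
end

# Hypothetical check that resolves the name through the search path only.
# Empty or relative entries ("" and "." both mean CWD) are ignored.
def resolve_in_path(exe, search_path)
  if exe.start_with?("/")
    return File.file?(exe) && File.executable?(exe) ? exe : nil
  end
  search_path.split(File::PATH_SEPARATOR).each do |dir|
    next unless dir.start_with?("/")
    candidate = File.join(dir, exe)
    return candidate if File.file?(candidate) && File.executable?(candidate)
  end
  nil
end

# Constructed scenario mirroring the report: an executable "grep" in a bin
# directory on the path, and an empty, non-executable "grep" in the CWD.
def demo
  Dir.mktmpdir do |root|
    bin = File.join(root, "bin")
    cwd = File.join(root, "cwd")
    FileUtils.mkdir_p([bin, cwd])
    real = File.join(bin, "grep")
    File.write(real, "#!/bin/sh\nexit 0\n")
    File.chmod(0o755, real)
    shadow = File.join(cwd, "grep")
    File.write(shadow, "")                       # equivalent of `touch grep`
    File.chmod(0o644, shadow)
    Dir.chdir(cwd) do
      { naive: naive_check("grep"),                       # misled by CWD file
        resolved: resolve_in_path("grep", bin) == real,   # finds bin/grep
        dot_path: resolve_in_path("grep", ".:") }         # CWD entries skipped
    end
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```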
