Issue #8104 has been updated by Daniel Pittman. Status changed from Closed to Accepted Assignee set to Ken Barber Priority changed from Normal to Urgent Keywords set to security
Reproduction: 1. cd /tmp 2. git clone git://github.com/puppetlabs/facter.git 3. RUBYLIB=/tmp/facter/lib /tmp/facter/bin ...and you should have the failure demonstrated. The directory `facter` under the current directory is interpreted as a source of facts. Looks like you could convince something run as root to do bad things with that, too. Ken, can you confirm? ---------------------------------------- Bug #8104: Facter 1.6.0 outputs https://projects.puppetlabs.com/issues/8104 Author: James Turnbull Status: Accepted Priority: Urgent Assignee: Ken Barber Category: binary Target version: Keywords: security Branch: Affected Facter version: 1.6.0 $ facter --version 1.6.0 <pre> $ facter Error loading fact ./facter/autotest/discover.rb no such file to load -- autotest Error loading fact ./facter/autotest/facter_rspec.rb no such file to load -- autotest Error loading fact ./facter/autotest/rspec.rb no such file to load -- autotest /usr/local/lib/site_ruby/1.8/puppet/external/dot.rb:57: warning: already initialized constant NODE_OPTS /usr/local/lib/site_ruby/1.8/puppet/external/dot.rb:97: warning: already initialized constant EDGE_OPTS /usr/local/lib/site_ruby/1.8/puppet/external/dot.rb:112: warning: already initialized constant GRAPH_OPTS ... </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
