On Oct 15, 2008, at 11:36 AM, Sam Quigley wrote:
>
> On Oct 15, 2008, at 7:40 AM, Luke Kanies wrote:
>>
>> On Oct 15, 2008, at 2:02 AM, David Schmitt wrote:
>>>
>>> Shouldn't path-attacks be averted by defining a puppet-local path
>>> instead of hardcoding the path to a binary?
>>
>> Hmm, I was thinking of cases where people could add items to a
>> legitimate path, but I guess you're right -- one normally only worries
>> about people's ability to modify user-writable paths.
>>
>> I guess I can't come up with a good reason to want fully qualified
>> binaries, but I apparently do. :/
>
> FWIW, my vote would be (strongly) for always executing fully-specified
> binaries, rather than relying on $PATH to do the right thing. If
> $PATH is set and controlled correctly, it shouldn't make much of a
> difference... but at the very least, it seems easier to verify a
> single path than to verify that $PATH is set everywhere correctly.
> (Although, I guess even with a full path, you'd need to make sure $IFS
> is set correctly, at least on some OSs...)
>
> Also note that $PATH is only relevant to things executed through the
> shell, and I think it would be good to minimize the shell's
> involvement. See, eg, http://projects.reductivelabs.com/issues/show/1630

Puppet does what it can internally to not use the shell -- all of the
providers use system() directly, unless hacked to do otherwise.

In other words, I agree.

--
Health is merely the slowest possible rate at which one can die.
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com

You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en
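
The approach the thread converges on (a fully specified binary, run with no shell in between), as an added Ruby example that is not part of the original messages and is not Puppet's own code. The helper names `vet_binary` and `run_vetted` and the fixed `PATH` value are assumptions made for illustration.

```ruby
require 'open3'

class UnsafeCommand < StandardError; end

# Hypothetical helper: accept only a fully qualified path to a regular,
# executable file that neither group nor others can modify or replace.
# Only the file and its immediate parent directory are checked here.
def vet_binary(path)
  raise UnsafeCommand, "not fully qualified: #{path}" unless path.start_with?('/')

  [path, File.dirname(path)].each do |p|
    st = File.stat(p) # follows symlinks; raises Errno::ENOENT if missing
    raise UnsafeCommand, "group/world-writable: #{p}" unless (st.mode & 0o022).zero?
  end
  unless File.file?(path) && File.executable?(path)
    raise UnsafeCommand, "not an executable file: #{path}"
  end
  path
end

# Hypothetical helper: run the vetted binary directly, without a shell.
# The [command, argv0] pair makes Ruby exec the file itself even when no
# arguments are given, so metacharacters in args are never interpreted.
# unsetenv_others drops every inherited variable ($IFS included); the
# child sees only the fixed PATH below (an assumed value).
def run_vetted(path, *args)
  bin = vet_binary(path)
  env = { 'PATH' => '/usr/bin:/bin' }
  out, status = Open3.capture2e(env, [bin, File.basename(bin)], *args,
                                unsetenv_others: true)
  [out, status.success?]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: arguments that a shell would expand or split.
  out, ok = run_vetted('/bin/echo', 'hello; id', '$PATH')
  puts "ok=#{ok} output=#{out.inspect}"
  begin
    run_vetted('echo', 'resolved via $PATH')
  rescue UnsafeCommand => e
    puts "refused: #{e.message}"
  end
end
```
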
