I don't like the lack of array-based exec (it uses %x{cmd arg arg},
which is `cmd arg arg`, which could lead to shell escapes) but it seems
self-contained (i.e. "arg" only ever comes from system output). I think
the tool looks very fragile as it depends strongly on the output format
of various system tools, so it may become a pain for backporting if that
ever happens. Since it's mostly just a puppet dep, I think this will be
okay. +1
** Changed in: facter (Ubuntu)
Status: New => In Progress
--
Main Inclusion Report for facter.
https://bugs.launchpad.net/bugs/408402
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
