You can work around the '*' restriction if you like, but wildcard matching on
inputs is a security risk. The reason is as follows:
1) Assume there is a inputs => { "xxx/*.cf" }; in your promises.cf
2) You do testing in a different directory other than /var/cfengine/inputs
(this is a good idea sometimes :-)
3) A bad guy can put a badguy.cf somewhere that it will be processed if you
run a certain combination of cf-agent flags, and then the badguys's config
gets executed.
It is not that we don't like '*', it is that we like safety and security.
-Dan
> Ð ÐÑн, 04/06/2010 в 13:12 +0400, Vasiliy G Tolstov пиÑеÑ:
> > How can i use * pattern in inputs?
> >
> > I do not want to specify all files in config file, rather i want to
> > inputs => { "xxx/*.cf" };
> >
> > (cfengine 3.0.4)
> >
>
> Ok. Because authors of cfengine not like * in inputs, work around:
> "soft" slist =>
> splitstring(execresult("/usr/bin/find /var/cfengine/inputs/soft/ -type f
> -and -name '*.cf'","noshell")," ",99999999);
>
>
> But my question - why not add this feature to cfengine?
>
> --
> Vasiliy G Tolstov <[email protected]>
> Selfip.Ru
>
> _______________________________________________
> Help-cfengine mailing list
> [email protected]
> https://cfengine.org/mailman/listinfo/help-cfengine
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
