Thanks, John, for your reply also on this matter! On Feb 15, 3:16 pm, jcbollinger <john.bollin...@stjude.org> wrote: > It seems like this should do the trick: > puppet -e '$v="xyz" exec { f: command => "/bin/echo v is \'$v\'", > logoutput => true }'
:-) Yeah, that would take care of these particular instances. Now imagine this (in a proper manifest file, so we take shell escaping out of the picture): # This is identical to your proposal, right? : exec { f: command => "/bin/echo v is '$v'", logoutput => true } Now, how about: # double-quote, single-quote, double-quote: This causes an error $v = "'" or # This causes an error too $v = "x'y'z\n@$\"{" or # This does _bad_ stuff $v = "';rm -rf /etc"; My point is, that unless there is some support in puppet for escaping $v, there is *no* way to use $v reliably in an exec command string, given an arbitrary $v. For any quoting suggestion you come up with, I would always be able to come up with a counter-example of $v so that / etc/passwd gets sent to hackers-r-us.dk. Unless puppet supports escaping somehow. Which it looks like it doesn't. Which means, that I have to check all facts and input to puppet outside of puppet, or my custom facts have to be sanitised or pre-escaped before puppet sees them, which is a shame! :-( I'm surprised I can't find an equivalent of Perl's quotemeta or Ruby's Shellwords.escape. Invaluable for _safe_ shell stuff... Peter -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.