Hello,
I've got a quick question about the exec type. The exec type does have a
shell provider and a posix provider and the posix provider says
#
https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/exec/posix.rb
Executes external binaries **directly, without passing through a
shell** or
performing any interpolation. This is a safer and more predictable way
to execute most commands, but prevents the use of globbing and shell
built-ins (including control logic like "for" and "if" statements).
but when I test the following manifest:
$unsafe_input = "I will fail; /bin/false"
exec { 'Test01':
command => "/bin/echo ${unsafe_input}",
provider => posix,
}
exec { 'Test02':
command => shellquote("/bin/echo", $unsafe_input),
provider => posix,
}
then the first test will fail (because /bin/false is executed instead of
printed), while the second test does work (I am not sure how reliable
shellquote acutally works though).
# on puppet version 4.3.1:
Notice: /Stage[main]/Main/Exec[Test01]/returns: I will fail
Error: /bin/echo I will fail; /bin/false returned 1 instead of one
of [0]
Error: /Stage[main]/Main/Exec[Test01]/returns: change from notrun to
0 failed: /bin/echo I will fail; /bin/false returned 1 instead of one of [0]
Notice: /Stage[main]/Main/Exec[Test02]/returns: executed successfully
Am I misreading the documentation here?
- Stefan
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/56A81F7C.2000702%40taunusstein.net.
For more options, visit https://groups.google.com/d/optout.
