Bug #887
Environment variable leak in blastwave provider
| Status: | Closed | Start: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assigned to: | - | % Done: | 0% |
|
| Category: | package | |||
| Target version: | 0.25.2 | |||
| Affected version: | 0.25.1 | Branch: | http://github.com/MarkusQ/puppet/tree/ticket/0.25.x/887 | |
| Keywords: | ||||
| Votes: | 1 |
Description
In provider/package/blastwave.rb:
# This is so stupid, but then, so is blastwave.
ENV[[PAGER]] = "/usr/bin/cat"
This environment variable leaks in all other types (such as exec). This could lead to strange behaviours of script launched by an exec because under some OS /usr/bin/cat does not exist.
This problem appeared during an automated Vmware Workstation installation, the vmware-install.pl script failed when run with PAGER=/usr/bin/cat.
History
Updated by Tim Stoop over 2 years ago
910 suggests using @which cat@, but I’m not sure that’s a good solution. Don’t think it’s important enough for misspiggy.
Updated by Redmine Admin about 2 years ago
- Status changed from 1 to Accepted
Updated by James Turnbull about 1 year ago
- Assigned to deleted (
Puppet Community) - Affected version set to 0.24.8
Updated by Kjetil Torgrim Homme 8 months ago
- Category changed from Solaris to exec
I was surprised that evalutation of a provider doesn’t stop after a failing confine, but since it doesn’t, this bug actually affects all operatingsystems.
there is a very simple fix: since /bin is a symlink to /usr/bin on Solaris, use the full path “/bin/cat”.
(a colleague had the exact same problem as the original reporter just now :–)
Updated by Kjetil Torgrim Homme 8 months ago
- Affected version changed from 0.24.8 to 0.25.1
Updated by Luke Kanies 8 months ago
- Target version changed from unplanned to 0.25.2
This really shouldn’t be that hard of a fix – just replace each call to pkgget with ‘withenv :PAGER => “/usr/bin/cat” { … }’.
Or rather, alias the method to do exactly that.
Updated by Markus Roberts 8 months ago
- Status changed from Accepted to Ready for Testing
- Branch set to http://github.com/MarkusQ/puppet/tree/ticket/0.25.x/887
Updated by James Turnbull 8 months ago
- Category changed from exec to package
- Status changed from Ready for Testing to Closed
Pushed in commit:“b96b757f1d091130b06542856c5b5b3a683a8e39” in branch 0.25.x