Puppet / PUP-5704

The "posix" provider of the "exec" resource seems to invoke a shell even though the documentation says it doesn't

Details

    • Bug
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • PUP 3.8.4, PUP 4.5.0, PUP 4.8.0, PUP 4.8.2, PUP 4.10.4
    • PUP 6.24.0, PUP 7.9.0
    • None
    • Debian Testing (stretch) with Puppet 3.8.4

    • Night's Watch
    • 3
    • NW - 2021-06-30, NW - 2021-07-14
    • Enhancement
      The `exec` provider now supports commands provided as an array.
      When the command is an Array of Strings, passed as `[cmdname, arg1, ...]`, it is executed directly (the first element is taken as the command name and the rest are passed as parameters to the command, with no shell expansion).

      This is supported for the following exec parameters:
      command, onlyif, unless, refresh

      Example:
      exec { 'test':
        command => ['/bin/echo', '*'],
        unless => [['test', '-f', 'filename']],
      }

      Note that for `onlyif` and `unless`, because these parameters already accept multiple commands as an array, you need to pass the value as an array of arrays to take advantage of the new behaviour.

    Description

      This issue was first reported here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809786

      Hi,

      the puppet type reference describes the "posix" provider of the "exec"
      resource like this: [0]

      posix
      Executes external binaries directly, without passing through a shell or
      performing any interpolation. This is a safer and more predictable way to
      execute most commands, but prevents the use of globbing and shell built-ins
      (including control logic like “for” and “if” statements).

      However:

      root@shepard:~# cat manifest.pp 
      $input = 'foo; if false; then exit 23; else exit 42; fi'
      exec { "/bin/echo ${input}":
      provider => 'posix',
      }
      root@shepard:~# puppet apply manifest.pp 
      Notice: Compiled catalog for shepard.kurtz.be in environment production in 0.04 seconds
      Notice: /Stage[main]/Main/Exec[/bin/echo foo; if false; then exit 23; else exit 42; fi]/returns: foo
      Error: /bin/echo foo; if false; then exit 23; else exit 42; fi returned 42 instead of one of [0]
      Error: /Stage[main]/Main/Exec[/bin/echo foo; if false; then exit 23; else exit 42; fi]/returns: change from notrun to 0 failed: /bin/echo foo; if false; then exit 23; else exit 42; fi returned 42 instead of one of [0]
      Notice: Finished catalog run in 0.08 seconds
      root@shepard:~# 
      

      I'm not really sure what to make of this, but it seems... unexpected.
      What do you guys think?

      Best regards

      Alexander Kurtz

      [0] https://docs.puppetlabs.com/references/3.8.latest/type.html#exec-provider-posix
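
The behaviour in the report and the array form from the release note, reproduced outside Puppet as an added Ruby example (not Puppet's own code and not part of the original issue). It relies on Ruby's documented rule that a single command string containing shell metacharacters is run through `/bin/sh -c`, while a command passed as separate arguments is executed directly; `run_string` and `run_argv` are hypothetical helper names, and `/bin/echo` and a POSIX `/bin/sh` are assumed to exist.

```ruby
require 'open3'

# Constructed sample: the value interpolated into the exec title in the report.
INPUT = 'foo; if false; then exit 23; else exit 42; fi'

# String form. Ruby runs a single command string that contains shell
# metacharacters (here ';') through /bin/sh -c, so everything after the
# first ';' is interpreted as shell code instead of being passed to echo.
def run_string(cmdline)
  out, status = Open3.capture2(cmdline)
  [out, status.exitstatus]
end

# Array form, [cmdname, arg1, ...]. Each element becomes exactly one argv
# entry. Passing the program as [path, argv0] forces direct execution even
# for a one-element array, which Ruby would otherwise treat as a string.
def run_argv(argv)
  cmd, *args = argv
  out, status = Open3.capture2([cmd, cmd], *args)
  [out, status.exitstatus]
end

if __FILE__ == $PROGRAM_NAME
  p run_string("/bin/echo #{INPUT}")  # shell interprets the injected text
  p run_argv(['/bin/echo', INPUT])    # same text arrives as one literal argument
  p run_argv(['/bin/echo', '*'])      # no glob expansion either
end
```

The string form reproduces the exit status 42 seen in the report, while the array form prints the whole value literally and exits 0.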

          People

            gheorghe.popescu Gheorghe Popescu
            alexander@kurtz.be Alexander Kurtz