path: root/lib/puppet/util.rb
Commit message | Author | Age | Files | Lines
* Reversion of pipe IO patch for testing on #3025 | Markus Roberts | 2010-01-12 | 1 | -39/+54
* Fix for temporary file security hole | Markus Roberts | 2010-01-05 | 1 | -0/+22
  We create temporary files in /tmp/ with predictable names. These could be used by an attacker to DoS a box by setting a symlink to some other file (say, /etc/shadow) and waiting for us to overwrite it.
  The minimalistic solution employed by this patch is to wrap all such file writing with a paranoid wrapper that:
  1) Checks to see if the target exists
  2) Issues a warning if it was a symlink
  3) Deletes it
  4) Waits (0.1 seconds if it was a file, 5 seconds if it was a symlink)
  5) Opens the file with EXCL, which will fail if the file has come back.
  If this succeeds (as it normally will) it has exactly the same semantics as the original code (a must, as we are right at a release boundary). However, under no circumstances will it follow a preexisting symlink (the operating system guarantees this with EXCL) so the danger of an exploit has been converted into the possibility of a failure, with an appropriate warning.
* Do not close stdout or stderr in execute. | Ricky Zhou | 2010-01-02 | 1 | -9/+12
  Closing stdout and stderr would sometimes cause failures when a program that is executed with squelched output tries to write to them. This reverts to the previous behavior of reopening them to /dev/null.
* Use a pipe instead of a temp file for command output. | Ricky Zhou | 2010-01-01 | 1 | -54/+36
  This solves some SELinux issues with programs such as mount being denied from writing to temporary files and removes a race condition with temporary file creation.
* Revert "Fix for #2731 (problem communicating with processes in SELinux)" | James Turnbull | 2009-12-31 | 1 | -22/+51
  Due to problems introduced on HP-UX (See #2997)
  This reverts commit 6ab2453d966d1d48e12d8a8cec34b9e460597d04.
* Fix for #2731 (problem communicating with processes in SELinux) | Markus Roberts | 2009-12-23 | 1 | -51/+22
  In some cases communicating with child processes via temporary files is not viable. This is Ricky Zhou's patch from the ticket, which solves the problem by using the more normal system of pipes. It is a broader reaching change than suggested by the ticket (it affects all execs, not just SELinux) but IMHO is the right way to go.
  Signed-off-by: Markus Roberts <Markus@reality.com>
* Fixed #1806 - supplementary groups are not reset | James Turnbull | 2009-11-20 | 1 | -2/+3
  Patch thanks to Till Maas
  Signed-off-by: James Turnbull <james@lovedthanlost.net>
* Fixes #1719, this avoids calling the external binary *which* every time we are looking for a binary | Ohad Levy | 2009-10-13 | 1 | -11/+6
* Monkey patch to improve yaml compatibility between ruby versions | Markus Roberts | 2009-09-05 | 1 | -0/+1
  Ruby 1.8.1 can not parse the yaml produced by later versions because it requires explicit type tagging of symbols. This patch adds the tagging on to later versions so that mixed version installations can use yaml.
  Signed-off-by: Markus Roberts <Markus@reality.com>
* Fixes #724 - false is equivalent to 'ruby -W1' | Marc Fournier | 2009-09-01 | 1 | -1/+1
  Signed-off-by: Marc Fournier <marc.fournier@camptocamp.com>
* Removing chuser on darwin restriction | Luke Kanies | 2009-08-24 | 1 | -4/+0
  For too long we have refused to change users on Darwin because a long time ago the ruby they shipped with was really, really broken. It's been fixed for a while, so this just removes the restriction.
  Signed-off-by: Luke Kanies <luke@madstop.com>
* Removed extra whitespace from end of lines | Ian Taylor | 2009-06-06 | 1 | -8/+8
* Changed tabs to spaces without interfering with indentation or alignment | Ian Taylor | 2009-06-06 | 1 | -1/+1
* Preparing to fix #1812 - Moving locking code to a module | Luke Kanies | 2008-12-12 | 1 | -34/+2
  This moves the locking code out of Puppet::Util into a separate module, to make the code cleaner.
  Signed-off-by: Luke Kanies <luke@madstop.com>
* add some more sanity checks around stdin | Nigel Kersten | 2008-12-06 | 1 | -3/+9
* add support for stdin to Puppet::Util.execute | Nigel Kersten | 2008-12-06 | 1 | -2/+2
* Fixed #1752 - Add an optional argument to Puppet::Util.execute to determine whether stderr and stdout are combined in the output | James Turnbull | 2008-11-19 | 1 | -2/+7
* Fixing a test that was failing because i-have-no-idea | Luke Kanies | 2008-10-08 | 1 | -1/+5
  Signed-off-by: Luke Kanies <luke@madstop.com>
* Fixed issues with file descriptors leaking into subprocesses | James Turnbull | 2008-09-13 | 1 | -0/+1
* Fixed #1571 - Puppet::Util::binary returns incorrect results | James Turnbull | 2008-09-13 | 1 | -8/+3
* Fixed #1414 - Return code from waitpid now right shifted 8 bits | James Turnbull | 2008-07-17 | 1 | -1/+1
* Found all instances of methods where split() is used without | Luke Kanies | 2008-03-21 | 1 | -1/+2
  any local variables and added a local variable -- see http://snurl.com/21zf8. My own testing showed that this caused memory growth to level off at a reasonable level. Note that the link above says the problem is only with class methods, but my own testing showed that it's any method that meets these criteria.
  This is not a functional change, but should hopefully be the last nail in the coffin of #1131.
* Removing the Id tags from all of the files | Luke Kanies | 2007-10-03 | 1 | -1/+0
* The new configuration handler looks to be ready for usage. Now I just need to convert the interpreter to use SimpleNode objects, then continue with the Configuration object. | Luke Kanies | 2007-08-15 | 1 | -1/+1
* Hopefully fixing #720 -- I added tests and a lame back-off system to give the child process time to write | luke | 2007-07-19 | 1 | -3/+24
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2717 980ebf18-57e1-0310-9a29-db15c13687c0
* Removing the chdir from util.rb, I forgot that the directory often matters | luke | 2007-07-19 | 1 | -1/+0
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2712 980ebf18-57e1-0310-9a29-db15c13687c0
* Hopefully fixing #640, and maybe some warnings at the same time. I added a call to Process.setsid after the fork, and I chdir'd to /. | luke | 2007-07-19 | 1 | -0/+2
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2711 980ebf18-57e1-0310-9a29-db15c13687c0
* Trying to get rid of the warning from #724 | luke | 2007-07-18 | 1 | -0/+3
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2703 980ebf18-57e1-0310-9a29-db15c13687c0
* Adding the output_file.close, as wyvern recommended | luke | 2007-06-18 | 1 | -0/+1
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2605 980ebf18-57e1-0310-9a29-db15c13687c0
* Applying the patch by wyvern from #662. This should hopefully kill the client hanging problems. | luke | 2007-06-18 | 1 | -60/+43
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2604 980ebf18-57e1-0310-9a29-db15c13687c0
* Fixing error when commands fail -- the error code is now printed, instead of the inspection of it | luke | 2007-06-11 | 1 | -1/+1
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2557 980ebf18-57e1-0310-9a29-db15c13687c0
* Set LANG/LC_ALL/LC_MESSAGES/LANGUAGE to 'C' whenever we execute things, so that the output that comes back is more easily parsed, without needing to understand all sorts of foreign languages | mpalmer | 2007-05-03 | 1 | -0/+1
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2456 980ebf18-57e1-0310-9a29-db15c13687c0
* Okay, one last try -- the Util#binary command was not returning a path in all true cases, and the provider tests were poorly written and missed it. | luke | 2007-04-27 | 1 | -1/+1
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2427 980ebf18-57e1-0310-9a29-db15c13687c0
* Fix for #565: Final merge of changes from source:branches/execute-refactor into source:trunk | mccune | 2007-04-03 | 1 | -23/+60
  Generated with svn merge -r 2378:HEAD https://reductivelabs.com/svn/puppet/branches/execute-refactor trunk
  CHANGES:
  - Puppet::Util#execute now takes hash key/value pairs as arguments after the command array.
  - Processes executed from the base service provider are now silenced. That is, their standard input, output, and error pipes are all directed to /dev/null.
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2385 980ebf18-57e1-0310-9a29-db15c13687c0
* Changing execution to reopen stdin to /dev/null | luke | 2007-03-19 | 1 | -0/+1
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2318 980ebf18-57e1-0310-9a29-db15c13687c0
* Looks like I already accidentally committed the switch from using system() to exec(). I am hoping this will fix the many problems people are having with processes hanging around (e.g., #509). This change just removes the attempts at closing TCPServer instances, which should now be fixed from using exec instead of system. | luke | 2007-03-18 | 1 | -16/+0
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2297 980ebf18-57e1-0310-9a29-db15c13687c0
* Fixing cron support (I hope). It now uses providers, and seems to work, at least on my os x box. | luke | 2007-03-17 | 1 | -2/+2
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2284 980ebf18-57e1-0310-9a29-db15c13687c0
* Moving some of the stand-alone classes into the util/ subdirectory, to clean up the top-level namespace a bit. This is a lot of file modifications, but most of them just change class names and file paths. | luke | 2007-02-07 | 1 | -12/+12
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2178 980ebf18-57e1-0310-9a29-db15c13687c0
* Applying patch in #465. | luke | 2007-01-30 | 1 | -1/+1
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2124 980ebf18-57e1-0310-9a29-db15c13687c0
* Fixing #440, albeit with a slightly hackish fix. | luke | 2007-01-30 | 1 | -0/+15
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2120 980ebf18-57e1-0310-9a29-db15c13687c0
* Moving code from external sources into an external/ directory | luke | 2007-01-30 | 1 | -1/+1
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2119 980ebf18-57e1-0310-9a29-db15c13687c0
* Looks like providers work again on Solaris. | luke | 2006-12-28 | 1 | -4/+1
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1980 980ebf18-57e1-0310-9a29-db15c13687c0
* I have not yet finished testing, but most of the providers now successfully pass arrays to execute() instead of strings, which means that the vast majority of execution problems are now gone. I will finish testing tomorrow, hopefully, and will also hopefully be able to verify that the execution-related bugs are fixed. | luke | 2006-12-28 | 1 | -2/+8
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1979 980ebf18-57e1-0310-9a29-db15c13687c0
* Allow execution of bare strings as long as there's no attempt to change uid/gid | lutter | 2006-12-22 | 1 | -1/+1
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1963 980ebf18-57e1-0310-9a29-db15c13687c0
* Fixing #372 and #374. All is not perfect, since OS X still cannot set UID, but it is much better. There is still plenty of bug-fixing to do on other platforms, I expect. | luke | 2006-12-19 | 1 | -6/+48
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1954 980ebf18-57e1-0310-9a29-db15c13687c0
* Redoing the benchmarking a little bit | luke | 2006-12-16 | 1 | -1/+5
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1941 980ebf18-57e1-0310-9a29-db15c13687c0
* Working some on the export/collect problem. It actually works now, but there are not yet sufficient tests for it, so I will leave the bug open until we have got the new work in place. I also added a "rails" feature, so I do not have to keep testing whether ActiveRecord is defined. | luke | 2006-12-12 | 1 | -1/+1
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1911 980ebf18-57e1-0310-9a29-db15c13687c0
* Ports are still broken, but I need to work on something else while I am thinking about how to fix them. Stupid /etc/services. | luke | 2006-11-13 | 1 | -1/+1
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1863 980ebf18-57e1-0310-9a29-db15c13687c0
* Merging the code over from the oscar branch. I will now be doing all development in the trunk again, except for larger changes, which will still get their own branch. This is a merge of the changes from revision 1826 to revision 1834. | luke | 2006-11-08 | 1 | -103/+3
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1835 980ebf18-57e1-0310-9a29-db15c13687c0
* Fixing #291 -- the problem was that instead of throwing an error on a missing server, puppet was just exiting. | luke | 2006-10-16 | 1 | -2/+1
  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1785 980ebf18-57e1-0310-9a29-db15c13687c0