Bug 1020279

Summary: HA LVM resource script does shell expansion
Product: Red Hat Enterprise Linux 5 Reporter: Josef Zimek <pzimek>
Component: rgmanagerAssignee: Ryan McCabe <rmccabe>
Status: CLOSED ERRATA QA Contact: Cluster QE <mspqa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.8CC: cluster-maint, djuran, dvossel, fdinitto, jharriga, mjuricek, pdwyer
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rgmanager-2.0.52-51.el5 Doc Type: Bug Fix
Doc Text:
Due to a syntax error in the underlying source code, the "find" command failed to find files whose names ended with the ".img" suffix. This update applies a patch to fix this bug and the command now works as expected.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-09-16 00:29:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 984996, 1049888    

Description Josef Zimek 2013-10-17 11:22:23 UTC 
Description of problem:

In /usr/share/cluster/lvm.sh line 81 when checking for if initrd has been updated the following line is used:

(if [ "$(find /boot -name *.img -newer /etc/lvm/lvm.conf)" == "" ];)

If the current directory contains any files ending with img, the asterisk will be expanded according to path names, which will cause the find to fail due to syntax error.

Protecting the asterisk with quotes or backslash will solve the problem.



Version-Release number of selected component (if applicable):
rgmanager-2.0.52



Additional info:

The problem is basically that customer happened to create a couple of file with the .img extension in / and that caused the asterisk in lvm.sh to expand rather then being passed verbatim to 'find' I believe the patch solves the issue but it could be worth scanning the resource agents for more similar flaws.

diff -up rgmanager-2.0.52/src/resources/lvm.sh.no-shell-expansion rgmanager-2.0.52/src/resources/lvm.sh
--- rgmanager-2.0.52/src/resources/lvm.sh.no-shell-expansion	2013-10-09 10:02:13.000000000 +0200
+++ rgmanager-2.0.52/src/resources/lvm.sh	2013-10-09 10:03:53.000000000 +0200
@@ -105,7 +105,7 @@ function ha_lvm_proper_setup_check
 	# the control of rgmanager
 	##
 	# Fixme: we might be able to perform a better check...
-	if [ "$(find /boot -name *.img -newer /etc/lvm/lvm.conf)" == "" ]; then
+	if [ "$(find /boot -name '*.img' -newer /etc/lvm/lvm.conf)" == "" ]; then
 		ocf_log err "HA LVM:  Improper setup detected"
 		ocf_log err "- initrd image needs to be newer than lvm.conf"
Comment 4 Ryan McCabe 2014-03-13 17:44:33 UTC 
commit a2140f35bd8cd7b01cbf8c94f9fd7e12b6b59302
Author: Ryan McCabe <rmccabe>
Date:   Thu Mar 13 13:42:50 2014 -0400

    rgmanager: lvm.sh: Prevent shell expansion when calling the find command
    
    Prevent shell expansion of * when calling the find command.
    
    Resolves: rhbz#1020279
    
    Signed-off-by: Ryan McCabe <rmccabe>
Comment 9 errata-xmlrpc 2014-09-16 00:29:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1207.html