Bug 1276652
| Summary: | Wildcard patterns in command arguments not expanded | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Martin Frodl <mfrodl> | |
| Component: | sos | Assignee: | Shane Bradley <sbradley> | |
| Status: | CLOSED ERRATA | QA Contact: | Martin Frodl <mfrodl> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | high | |||
| Version: | 6.7 | CC: | agk, bmr, bnater, dkutalek, gavin, mhradile, plambri, pmoravec, salmy, sbradley | |
| Target Milestone: | rc | Keywords: | Regression | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | sos-3.2-38.el6 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1276660 (view as bug list) | Environment: | ||
| Last Closed: | 2016-05-10 21:07:56 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1274384 | |||
Reproduced outside sos:
import os
from subprocess import Popen, PIPE, STDOUT
args = ['timeout', '300s', 'ls', '-la', '/etc/dirsrv/slapd-*/schema/']
def _child_prep_fn():
os.chroot('/')
p = Popen(args, shell=False, stdout=PIPE,
stderr=STDOUT,
bufsize=-1, env=os.environ, close_fds=True,
preexec_fn=_child_prep_fn)
stdout, stderr = p.communicate()
print "status: %s, output: %s" %(p.returncode, stdout.decode('utf-8', 'ignore'))
Returns:
status: 2, output: ls: cannot access /etc/dirsrv/slapd-*/schema: No such file or directory
It's a regression as we no longer run commands under a shell:
commit 46b6c3d39f923d19fa7fcfec96c1cf2d23c768be
Author: Bryn M. Reeves <bmr>
Date: Sun Apr 6 18:01:33 2014 +0100
Call Popen with shell=False
Fixes Issue #253.
Signed-off-by: Bryn M. Reeves <bmr>
I am not inclined to revert this: it protects us from bugs and potential security problems where the shell expands values in unintended ways.
My preference for a fix is to use glob.glob() to expand _only_ glob syntax in the argument list before passing the string to shlex.split().
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-0819.html |
Description of problem: Some plugins collect the output of commands with paths containing a wildcard expression in their arguments. These wildcards are never expanded. For instance, ipa plugin collects the output of the following command: ls -la /etc/dirsrv/slapd-*/schema Having created a sample directory matching this pattern, the actual output of the ls command is: # ls -la /etc/dirsrv/slapd-*/schema/ total 8 drwxr-xr-x. 2 root root 4096 Oct 30 07:07 . drwxr-xr-x. 3 root root 4096 Oct 30 07:07 .. What sosreport collects, however, looks like this: # cat sosreport-blabla/sos_commands/ipa/ls_-la_.etc.dirsrv.slapd-_.schema ls: cannot access /etc/dirsrv/slapd-*/schema/: No such file or directory There are other plugins affected by this bug, so far I know about md and smartcard. This bug was not present sos-2.2-68.el6.noarch. Version-Release number of selected component (if applicable): sos-3.2-28.el6.noarch