Bug 1276652
Summary: | Wildcard patterns in command arguments not expanded | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Martin Frodl <mfrodl> | |
Component: | sos | Assignee: | Shane Bradley <sbradley> | |
Status: | CLOSED ERRATA | QA Contact: | Martin Frodl <mfrodl> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | high | |||
Version: | 6.7 | CC: | agk, bmr, bnater, dkutalek, gavin, mhradile, plambri, pmoravec, salmy, sbradley | |
Target Milestone: | rc | Keywords: | Regression | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | sos-3.2-38.el6 | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1276660 (view as bug list) | Environment: | ||
Last Closed: | 2016-05-10 21:07:56 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1274384 |
Description
Martin Frodl
2015-10-30 11:30:08 UTC
Reproduced outside sos: import os from subprocess import Popen, PIPE, STDOUT args = ['timeout', '300s', 'ls', '-la', '/etc/dirsrv/slapd-*/schema/'] def _child_prep_fn(): os.chroot('/') p = Popen(args, shell=False, stdout=PIPE, stderr=STDOUT, bufsize=-1, env=os.environ, close_fds=True, preexec_fn=_child_prep_fn) stdout, stderr = p.communicate() print "status: %s, output: %s" %(p.returncode, stdout.decode('utf-8', 'ignore')) Returns: status: 2, output: ls: cannot access /etc/dirsrv/slapd-*/schema: No such file or directory It's a regression as we no longer run commands under a shell: commit 46b6c3d39f923d19fa7fcfec96c1cf2d23c768be Author: Bryn M. Reeves <bmr> Date: Sun Apr 6 18:01:33 2014 +0100 Call Popen with shell=False Fixes Issue #253. Signed-off-by: Bryn M. Reeves <bmr> I am not inclined to revert this: it protects us from bugs and potential security problems where the shell expands values in unintended ways. My preference for a fix is to use glob.glob() to expand _only_ glob syntax in the argument list before passing the string to shlex.split(). Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-0819.html |