1020279 – HA LVM resource script does shell expansion

Bug 1020279 - HA LVM resource script does shell expansion

Summary: HA LVM resource script does shell expansion

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	rgmanager
Sub Component:
Version:	5.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Ryan McCabe
QA Contact:	Cluster QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	984996 1049888
TreeView+	depends on / blocked

Reported:	2013-10-17 11:22 UTC by Josef Zimek
Modified:	2018-12-06 15:21 UTC (History)
CC List:	7 users (show)
Fixed In Version:	rgmanager-2.0.52-51.el5
Doc Type:	Bug Fix
Doc Text:	Due to a syntax error in the underlying source code, the "find" command failed to find files whose names ended with the ".img" suffix. This update applies a patch to fix this bug and the command now works as expected.
Clone Of:
Environment:
Last Closed:	2014-09-16 00:29:00 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2014:1207	0	normal	SHIPPED_LIVE	rgmanager bug fix and enhancement update	2014-09-16 04:16:39 UTC

Description Josef Zimek 2013-10-17 11:22:23 UTC

Description of problem:

In /usr/share/cluster/lvm.sh line 81 when checking for if initrd has been updated the following line is used:

(if [ "$(find /boot -name *.img -newer /etc/lvm/lvm.conf)" == "" ];)

If the current directory contains any files ending with img, the asterisk will be expanded according to path names, which will cause the find to fail due to syntax error.

Protecting the asterisk with quotes or backslash will solve the problem.



Version-Release number of selected component (if applicable):
rgmanager-2.0.52



Additional info:

The problem is basically that customer happened to create a couple of file with the .img extension in / and that caused the asterisk in lvm.sh to expand rather then being passed verbatim to 'find' I believe the patch solves the issue but it could be worth scanning the resource agents for more similar flaws.

diff -up rgmanager-2.0.52/src/resources/lvm.sh.no-shell-expansion rgmanager-2.0.52/src/resources/lvm.sh
--- rgmanager-2.0.52/src/resources/lvm.sh.no-shell-expansion	2013-10-09 10:02:13.000000000 +0200
+++ rgmanager-2.0.52/src/resources/lvm.sh	2013-10-09 10:03:53.000000000 +0200
@@ -105,7 +105,7 @@ function ha_lvm_proper_setup_check
 	# the control of rgmanager
 	##
 	# Fixme: we might be able to perform a better check...
-	if [ "$(find /boot -name *.img -newer /etc/lvm/lvm.conf)" == "" ]; then
+	if [ "$(find /boot -name '*.img' -newer /etc/lvm/lvm.conf)" == "" ]; then
 		ocf_log err "HA LVM:  Improper setup detected"
 		ocf_log err "- initrd image needs to be newer than lvm.conf"

Comment 4 Ryan McCabe 2014-03-13 17:44:33 UTC

commit a2140f35bd8cd7b01cbf8c94f9fd7e12b6b59302
Author: Ryan McCabe <rmccabe>
Date:   Thu Mar 13 13:42:50 2014 -0400

    rgmanager: lvm.sh: Prevent shell expansion when calling the find command
    
    Prevent shell expansion of * when calling the find command.
    
    Resolves: rhbz#1020279
    
    Signed-off-by: Ryan McCabe <rmccabe>

Comment 9 errata-xmlrpc 2014-09-16 00:29:00 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1207.html

Note You need to log in before you can comment on or make changes to this bug.