Red Hat Bugzilla – Bug 1276652
Wildcard patterns in command arguments not expanded
Last modified: 2016-05-10 17:07:56 EDT
Description of problem:
Some plugins collect the output of commands with paths containing a wildcard expression in their arguments. These wildcards are never expanded.
For instance, ipa plugin collects the output of the following command:
ls -la /etc/dirsrv/slapd-*/schema
Having created a sample directory matching this pattern, the actual output of the ls command is:
# ls -la /etc/dirsrv/slapd-*/schema/
drwxr-xr-x. 2 root root 4096 Oct 30 07:07 .
drwxr-xr-x. 3 root root 4096 Oct 30 07:07 ..
What sosreport collects, however, looks like this:
# cat sosreport-blabla/sos_commands/ipa/ls_-la_.etc.dirsrv.slapd-_.schema
ls: cannot access /etc/dirsrv/slapd-*/schema/: No such file or directory
There are other plugins affected by this bug, so far I know about md and smartcard.
This bug was not present sos-2.2-68.el6.noarch.
Version-Release number of selected component (if applicable):
Reproduced outside sos:
from subprocess import Popen, PIPE, STDOUT
args = ['timeout', '300s', 'ls', '-la', '/etc/dirsrv/slapd-*/schema/']
p = Popen(args, shell=False, stdout=PIPE,
bufsize=-1, env=os.environ, close_fds=True,
stdout, stderr = p.communicate()
print "status: %s, output: %s" %(p.returncode, stdout.decode('utf-8', 'ignore'))
status: 2, output: ls: cannot access /etc/dirsrv/slapd-*/schema: No such file or directory
It's a regression as we no longer run commands under a shell:
Author: Bryn M. Reeves <email@example.com>
Date: Sun Apr 6 18:01:33 2014 +0100
Call Popen with shell=False
Fixes Issue #253.
Signed-off-by: Bryn M. Reeves <firstname.lastname@example.org>
I am not inclined to revert this: it protects us from bugs and potential security problems where the shell expands values in unintended ways.
My preference for a fix is to use glob.glob() to expand _only_ glob syntax in the argument list before passing the string to shlex.split().
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.