[Pkg-puppet-devel] Bug#809786: Bug#809786: The "posix" provider of the "exec" resource seems to invoke a shell even though the documentation says it doesn't

[Alexander Kurtz]

Hi!

> I had a look in the code lately and it seems like this part is very
> much abstracted.

Indeed. Before submitting this bug report, I tried to follow the
function calls from the puppet/lib/puppet/provider/exec/posix.rb file,
but got lost at some point.

> I expect this to be the culprit:
> https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/execution.rb#L273

I can't really say if this is the source of the bug, but it highlights
an important problem: The "posix" provider should really require the
value of the "command" parameter to be an array, or at the very least
have (very!) clear semantics on how a string value will be split up
into its components.

> It seems like this behavior broke at some point without anyone
> noticing.

Yeah. BTW: I guess that the "shell" provider is also currently broken,
since the puppet/lib/puppet/provider/exec/shell.rb file
simply uses this

	super(['/bin/sh', '-c', command], check)

If there's another shell further down the function stack, this means
that the command string has to be escaped twice...

> I also bet it hasn't been fixed in Puppet 4 either. Have you already
> forwarded that bug to Puppetlabs?

No, I haven't, since I wasn't sure if this is Debian-specific (or maybe
just me not understanding the documentation correctly).

Best regards

Alexander Kurtz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/attachments/20160112/85a06f4c/attachment.sig>