[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Cfrun parameter parsing bug?
|
From: |
Mark |
|
Subject: |
RE: Cfrun parameter parsing bug? |
|
Date: |
Wed, 20 Apr 2005 09:45:51 -0700 |
I guess this way around, it would make sense too...
Thanks.
>
> I suspect this is done on purpose. All cfrun should be able
> to do is tell the remote client to run his "known"
> configuration policy. It would be considered a security risk
> to let a cfrun execute an arbitrary file. While arguments
> about the security of this could be made. I believe this is
> Mark's intention.
>
> I suppose Mark needs to fix the fact that -qf worked.
>
> Here is a comment in cfservd.c:
>
> for (sp = args; *sp != '\0'; sp++) /* Blank out -K -f */
>
> Note -K is also removed. In order to prevent someone from
> spamming the remote host.
>
> Now it may be implied in the documentation that cfrun is
> intended to only allow the execution of the known policy, but
> I think it should be explicitly documented that this
> parameters are not allowed.
>
> On Tue, 2005-04-19 at 17:32 -0700, Mark wrote:
> > Hi all,
> >
> > I just got cfrun to remote-update a machine. However, there
> seems to
> > be some problem with parsing the parameters.
> >
> > As far as I understand, the parameters are split into 3 groups,
> > separated by "--", so we have cfrun <params for local cfrun> --
> > <params for remote cfagent> -- <addl active classes>
> >
> > I want to pick a specific input file to execute on the
> remote server,
> > the same way as if I would call "cfagent -f
> <special_input_file>" over
> > on the remote box. So I use: cfrun -- "-f
> > /home/server_config/cfengine/inputs/update.conf" --
> >
> > However, I receive this:
> > cfservd Executing /usr/local/sbin/cfagent --no-splay
> --inform /home/server_config/cfengine/inputs/update.conf
> > cfengine:::0: Warning: actionsequence is empty
> > cfengine:::0: Warning: perhaps cfagent.conf/update.conf
> have not yet
> > been set up?
> >
> > So it seems to cut off the "-f" and therefore does not
> understand that
> > the filename I give it is the input file I want it to use The same
> > thing happens if I use "--file <special_input_file>"
> >
> > Strangely, "-qf <special_input_file>" works - and for that
> matter any
> > other parameter between the "-" and the "f"... So this looks like a
> > bug in the command line parsing algorithm... Is that right? If not,
> > what am I doing wrong?
> >
> > Thanks,
> >
> > MARK
> >
> >
> >
> > _______________________________________________
> > Help-cfengine mailing list
> > Help-cfengine@gnu.org
> > http://lists.gnu.org/mailman/listinfo/help-cfengine
> --
> Christian Pearce
> http://www.sysnav.com
> http://www.commnav.com
> http://www.perfectorder.com
>
------------------------------------------------
Mark Arnold
Freightgate - New Dimensions in e-Logistics (sm)
ISO9001:2000 Certified Company
Visit us at http://www.freightgate.com
Email: marnold@freightgate.com
Phone: (714) 799-2833 Fax: (714) 799-0100
> -----Original Message-----
> From: Christian Pearce [mailto:pearcec@perfectorder.com]
> Sent: Wednesday, April 20, 2005 6:00 AM
> To: Mark
> Cc: help-cfengine@gnu.org
> Subject: Re: Cfrun parameter parsing bug?
>
>
> hmm... I don't want to nip pick here, but this is the the
> help-cfengine list.
>
> I suspect this is done on purpose. All cfrun should be able
> to do is tell the remote client to run his "known"
> configuration policy. It would be considered a security risk
> to let a cfrun execute an arbitrary file. While arguments
> about the security of this could be made. I believe this is
> Mark's intention.
>
> I suppose Mark needs to fix the fact that -qf worked.
>
> Here is a comment in cfservd.c:
>
> for (sp = args; *sp != '\0'; sp++) /* Blank out -K -f */
>
> Note -K is also removed. In order to prevent someone from
> spamming the remote host.
>
> Now it may be implied in the documentation that cfrun is
> intended to only allow the execution of the known policy, but
> I think it should be explicitly documented that this
> parameters are not allowed.
>
> On Tue, 2005-04-19 at 17:32 -0700, Mark wrote:
> > Hi all,
> >
> > I just got cfrun to remote-update a machine. However, there
> seems to
> > be some problem with parsing the parameters.
> >
> > As far as I understand, the parameters are split into 3 groups,
> > separated by "--", so we have cfrun <params for local cfrun> --
> > <params for remote cfagent> -- <addl active classes>
> >
> > I want to pick a specific input file to execute on the
> remote server,
> > the same way as if I would call "cfagent -f
> <special_input_file>" over
> > on the remote box. So I use: cfrun -- "-f
> > /home/server_config/cfengine/inputs/update.conf" --
> >
> > However, I receive this:
> > cfservd Executing /usr/local/sbin/cfagent --no-splay
> --inform /home/server_config/cfengine/inputs/update.conf
> > cfengine:::0: Warning: actionsequence is empty
> > cfengine:::0: Warning: perhaps cfagent.conf/update.conf
> have not yet
> > been set up?
> >
> > So it seems to cut off the "-f" and therefore does not
> understand that
> > the filename I give it is the input file I want it to use The same
> > thing happens if I use "--file <special_input_file>"
> >
> > Strangely, "-qf <special_input_file>" works - and for that
> matter any
> > other parameter between the "-" and the "f"... So this looks like a
> > bug in the command line parsing algorithm... Is that right? If not,
> > what am I doing wrong?
> >
> > Thanks,
> >
> > MARK
> >
> >
> >
> > _______________________________________________
> > Help-cfengine mailing list
> > Help-cfengine@gnu.org
> > http://lists.gnu.org/mailman/listinfo/help-cfengine
> --
> Christian Pearce
> http://www.sysnav.com
> http://www.commnav.com
> http://www.perfectorder.com
>