help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cfrun parameter parsing bug?


From: Christian Pearce
Subject: Re: Cfrun parameter parsing bug?
Date: Wed, 20 Apr 2005 08:59:59 -0400

hmm... I don't want to nip pick here, but this is the the help-cfengine
list.

I suspect this is done on purpose.  All cfrun should be able to do is
tell the remote client to run his "known" configuration policy.  It
would be considered a security risk to let a cfrun execute an arbitrary
file.  While arguments about the security of this could be made.  I
believe this is Mark's intention.

I suppose Mark needs to fix the fact that -qf worked.

Here is a comment in cfservd.c:

  for (sp = args; *sp != '\0'; sp++) /* Blank out -K -f */

Note -K is also removed.  In order to prevent someone from spamming the
remote host.

Now it may be implied in the documentation that cfrun is intended to
only allow the execution of the known policy, but I think it should be
explicitly documented that this parameters are not allowed.

On Tue, 2005-04-19 at 17:32 -0700, Mark wrote:
> Hi all,
> 
> I just got cfrun to remote-update a machine. However, there seems to be some 
> problem with parsing the parameters.
> 
> As far as I understand, the parameters are split into 3 groups, separated by 
> "--", so we have
> cfrun <params for local cfrun> -- <params for remote cfagent> -- <addl active 
> classes>
> 
> I want to pick a specific input file to execute on the remote server, the 
> same way as if I would call "cfagent -f
> <special_input_file>" over on the remote box. So I use:
> cfrun -- "-f /home/server_config/cfengine/inputs/update.conf" -- 
> 
> However, I receive this:
> cfservd Executing /usr/local/sbin/cfagent --no-splay --inform    
> /home/server_config/cfengine/inputs/update.conf
> cfengine:::0: Warning: actionsequence is empty
> cfengine:::0: Warning: perhaps cfagent.conf/update.conf have not yet been set 
> up?
> 
> So it seems to cut off the "-f" and therefore does not understand that the 
> filename I give it is the input file I want it to use
> The same thing happens if I use "--file <special_input_file>"
> 
> Strangely, "-qf <special_input_file>" works - and for that matter any other 
> parameter between the "-" and the "f"... So this looks
> like a bug in the command line parsing algorithm... Is that right? If not, 
> what am I doing wrong?
> 
> Thanks,
> 
> MARK
> 
> 
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://lists.gnu.org/mailman/listinfo/help-cfengine
-- 
Christian Pearce
http://www.sysnav.com
http://www.commnav.com
http://www.perfectorder.com

Attachment: signature.asc
Description: This is a digitally signed message part


reply via email to

[Prev in Thread] Current Thread [Next in Thread]