Jira (PUP-10998) Cron Provider breaks on crontab with certain environment variables

17 views
Skip to first unread message

Joerg Jaspert (Jira)

unread,
Mar 29, 2021, 9:55:02 AM3/29/21
to puppe...@googlegroups.com
Joerg Jaspert created an issue
 
Puppet / Bug PUP-10998
Cron Provider breaks on crontab with certain environment variables
Issue Type: Bug Bug
Affects Versions: PUP 6.21.1
Assignee: Unassigned
Created: 2021/03/29 6:54 AM
Priority: Blocker Blocker
Reporter: Joerg Jaspert

Puppet Version: 6.21.1-1buster
Puppet Server Version: 6.15.1-1buster
OS Name/Version: Debian Buster

A crontab that contains an environment variable with a - breaks puppet. Change - to _ and it works.
Create a crontab like

MAILTO=te...@example.com

CONSOLE-LOG=/var/log/file

*/15 * * * * /bin/bash -c "echo test"

 

Puppet goes boom:

Error: Could not prefetch cron provider 'crontab': Could not parse line "CONSOLE-LOG=/var/log/file" (file: USERNAMEOFUNIXUSER, line: 2)
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/fileparsing.rb:260:in `block in parse'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/fileparsing.rb:252:in `collect'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/fileparsing.rb:252:in `parse'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/parsedfile.rb:329:in `retrieve'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/parsedfile.rb:282:in `prefetch_target'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/parsedfile.rb:274:in `block in prefetch_all_targets'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/parsedfile.rb:273:in `each'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/parsedfile.rb:273:in `prefetch_all_targets'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/parsedfile.rb:226:in `prefetch'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:378:in `prefetch'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:260:in `prefetch_if_necessary'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:115:in `block in evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:120:in `traverse'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:178:in `evaluate'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:240:in `block (2 levels) in apply'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:546:in `block in thinmark'
/opt/puppetlabs/puppet/lib/ruby/2.5.0/benchmark.rb:308:in `realtime'

[....]

 

Now change the - to _ and voila, puppet does not go boom.

Desired Behavior: Puppet accept -

 
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Atlassian logo

Joerg Jaspert (Jira)

unread,
Mar 29, 2021, 10:11:02 AM3/29/21
to puppe...@googlegroups.com
Joerg Jaspert updated an issue
Change By: Joerg Jaspert
Agent OS: Debian 8 (i386, amd64) Other

Joerg Jaspert (Jira)

unread,
Mar 29, 2021, 10:11:02 AM3/29/21
to puppe...@googlegroups.com
Joerg Jaspert updated an issue
Change By: Joerg Jaspert
Agent OS: Debian 7 8 (i386, amd64)

Josh Cooper (Jira)

unread,
Mar 29, 2021, 6:19:02 PM3/29/21
to puppe...@googlegroups.com
Josh Cooper commented on Bug PUP-10998
 
Re: Cron Provider breaks on crontab with certain environment variables

POSIX doesn't allow dashes in the name of environment variables:

Environment variable names used by the utilities in the Shell and Utilities volume of POSIX.1-2017 consist solely of uppercase letters, digits, and the <underscore> ( '_' ) from the characters defined in Portable Character Set and do not begin with a digit.

It's also not accepted in bash:

# export FOO-BAR=baz
 
-bash: export: `FOO-BAR=baz': not a valid identifier

I'd recommend using underscore instead.

Joerg Jaspert (Jira)

unread,
Mar 30, 2021, 4:13:03 AM3/30/21
to puppe...@googlegroups.com

That may be true, sure. But Puppet should NOT crash on it. That is an EASY denial of service from any unpriviliged user you have on the system.

Ciprian Badescu (Jira)

unread,
Jun 15, 2021, 4:23:02 AM6/15/21
to puppe...@googlegroups.com

Thank you for filing this issue. We agree it is likely an improvement, but due to other issues demanding precedence, we don’t anticipate being able to address this any time soon. If you are interested in submitting a patch to the repository for this project at https://github.com/puppetlabs, please open a pull request.
This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)
Atlassian logo

Ciprian Badescu (Jira)

unread,
Jun 15, 2021, 4:23:05 AM6/15/21
to puppe...@googlegroups.com
Ciprian Badescu updated an issue
 
Change By: Ciprian Badescu
Team: Night's Watch

Ciprian Badescu (Jira)

unread,
Jun 15, 2021, 10:58:01 AM6/15/21
to puppe...@googlegroups.com
Ciprian Badescu updated an issue
Change By: Ciprian Badescu
Priority: Blocker Normal
Reply all
Reply to author
Forward
0 new messages