Bug #8969
Puppet hangs trying to replace a FIFO
| Status: | Accepted | Start date: | 08/12/2011 | |
|---|---|---|---|---|
| Priority: | High | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | file | |||
| Target version: | 2.7.x | |||
| Affected Puppet version: | 2.6.0 | Branch: | ||
| Keywords: | ||||
| Votes: | 0 |
Description
Puppet does some stupid things trying to replace a FIFO, including opening it and trying to MD5 the content.
This allows a DoS for any managed file that can be replaced with a disconnected FIFO, at least.
To reproduce:
mkfifo /tmp/boom
puppet apply <<EOT
file { "/tmp/boom": ensure => file, content => "Hello, World" }
EOT
Related issues
History
Updated by Michael Stahnke 4 months ago
- Target version changed from 2.6.x to 2.7.x
2.6.x is closed. Moving to 2.7.x
Updated by Franz Pletz 4 months ago
Can this be solved by treating FIFOs and for instance Sockets specially? As it makes no sense for puppet to manage the contents of such special files, opening and reading/writing should not take place in the first time. Patch should be easy and I would do it if this fix suffices.
Updated by Daniel Pittman 4 months ago
- Description updated (diff)
Franz Pletz wrote:
Can this be solved by treating FIFOs and for instance Sockets specially? As it makes no sense for puppet to manage the contents of such special files, opening and reading/writing should not take place in the first time. Patch should be easy and I would do it if this fix suffices.
Absolutely. We don’t actually support creating them, or block and character special devices, in Puppet, so we only have to watch for, eg, people telling us to manage them.