The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #8969

Puppet hangs trying to replace a FIFO

Added by Anonymous almost 3 years ago. Updated 7 months ago.

Status:AcceptedStart date:08/12/2011
Priority:HighDue date:
Assignee:-% Done:

0%

Category:file
Target version:-
Affected Puppet version:2.6.0 Branch:
Keywords:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com

This ticket is now tracked at: https://tickets.puppetlabs.com/browse/PUP-1460


Description

Puppet does some stupid things trying to replace a FIFO, including opening it and trying to MD5 the content.

This allows a DoS for any managed file that can be replaced with a disconnected FIFO, at least.

To reproduce:

mkfifo /tmp/boom
puppet apply <<EOT
file { "/tmp/boom": ensure => file, content => "Hello, World" }
EOT

Related issues

Related to Puppet - Bug #8740: `puppet resource file` reports "Cannot manage files of ty... Closed 08/02/2011
Related to Puppet - Bug #8970: The `file` type should correctly handle "exotic" entities... Accepted 08/12/2011

History

#1 Updated by Michael Stahnke over 2 years ago

  • Target version changed from 2.6.x to 2.7.x

2.6.x is closed. Moving to 2.7.x

#2 Updated by Franz Pletz over 2 years ago

Can this be solved by treating FIFOs and for instance Sockets specially? As it makes no sense for puppet to manage the contents of such special files, opening and reading/writing should not take place in the first time. Patch should be easy and I would do it if this fix suffices.

#3 Updated by Anonymous over 2 years ago

  • Description updated (diff)

Franz Pletz wrote:

Can this be solved by treating FIFOs and for instance Sockets specially? As it makes no sense for puppet to manage the contents of such special files, opening and reading/writing should not take place in the first time. Patch should be easy and I would do it if this fix suffices.

Absolutely. We don’t actually support creating them, or block and character special devices, in Puppet, so we only have to watch for, eg, people telling us to manage them.

#4 Updated by Andrew Parker over 1 year ago

  • Target version deleted (2.7.x)

#5 Updated by Adrián López 7 months ago

Redmine Issue #8969 has been migrated to JIRA:

https://tickets.puppetlabs.com/browse/PUP-1460

Also available in: Atom PDF