The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using https://tickets.puppetlabs.com. See the following page for information on filing tickets with JIRA:

Bug #8969

Puppet hangs trying to replace a FIFO

Added by Anonymous about 4 years ago. Updated over 1 year ago.

Status: Accepted
Start date: 08/12/2011
Priority: High
Due date:
Assignee: -
% Done: 0%
Category: file
Target version: -
Affected Puppet version: 2.6.0
Branch:
Keywords:

This ticket is now tracked at: https://tickets.puppetlabs.com/browse/PUP-1460


Description

Puppet does some stupid things trying to replace a FIFO, including opening it and trying to MD5 the content.

This allows a DoS for any managed file that can be replaced with a disconnected FIFO, at least.

To reproduce:

mkfifo /tmp/boom
puppet apply <<EOT
file { "/tmp/boom": ensure => file, content => "Hello, World" }
EOT

Related issues

Related to Puppet - Bug #8740: `puppet resource file` reports "Cannot manage files of ty... Closed 08/02/2011
Related to Puppet - Bug #8970: The `file` type should correctly handle "exotic" entities... Accepted 08/12/2011

History

#1 Updated by Michael Stahnke over 3 years ago

  • Target version changed from 2.6.x to 2.7.x

2.6.x is closed. Moving to 2.7.x

#2 Updated by Franz Pletz over 3 years ago

Can this be solved by treating FIFOs and for instance Sockets specially? As it makes no sense for puppet to manage the contents of such special files, opening and reading/writing should not take place in the first time. Patch should be easy and I would do it if this fix suffices.

#3 Updated by Anonymous over 3 years ago

  • Description updated (diff)

Franz Pletz wrote:

Can this be solved by treating FIFOs and for instance Sockets specially? As it makes no sense for puppet to manage the contents of such special files, opening and reading/writing should not take place in the first time. Patch should be easy and I would do it if this fix suffices.

Absolutely. We don’t actually support creating them, or block and character special devices, in Puppet, so we only have to watch for, e.g., people telling us to manage them.
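One way to implement the special-casing discussed in the comments above, as an added Ruby example that is not Puppet's code and not part of the original ticket. The names `checksum_regular_file` and `demo` are hypothetical, and the temp-dir file and FIFO are constructed inputs:

```ruby
require 'digest/md5'
require 'tmpdir'

# Hypothetical helper, not Puppet's API: MD5 a path only if it is a regular file.
# Returns [:ok, hexdigest] or [:skipped, file_type].
def checksum_regular_file(path)
  # lstat never opens the file, so a FIFO with no writer cannot block it.
  before = File.lstat(path)
  return [:skipped, before.ftype] unless before.file?

  # The path can be swapped between lstat and open. NONBLOCK makes open()
  # return at once on a FIFO; NOFOLLOW rejects a symlink planted in the gap.
  File.open(path, File::RDONLY | File::NONBLOCK | File::NOFOLLOW) do |f|
    after = f.stat # fstat on the descriptor actually held
    return [:skipped, after.ftype] unless after.file?

    md5 = Digest::MD5.new
    while (chunk = f.read(65_536))
      md5.update(chunk)
    end
    [:ok, md5.hexdigest]
  end
rescue Errno::ELOOP
  [:skipped, 'link']
end

# Constructed demo inputs: a regular file and a writer-less FIFO in a temp dir.
def demo
  Dir.mktmpdir do |dir|
    regular = File.join(dir, 'motd')
    fifo    = File.join(dir, 'boom')
    File.write(regular, 'Hello, World')
    File.mkfifo(fifo)
    { regular: checksum_regular_file(regular), fifo: checksum_regular_file(fifo) }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

The second check on the open descriptor matters because the `lstat` result describes the path at an earlier moment, not the file that was actually opened.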

#4 Updated by Anonymous over 2 years ago

  • Target version deleted (2.7.x)

#5 Updated by Adrián López over 1 year ago

Redmine Issue #8969 has been migrated to JIRA:

https://tickets.puppetlabs.com/browse/PUP-1460
