Odoo Server (MOVED TO GITHUB)

Regression : Incorrect use of subprocess module

Bug #685115 reported by Michael Telahun Makonnen
30
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Odoo Server (MOVED TO GITHUB)
Fix Released
Medium
OpenERP's Framework R&D
Odoo Server (MOVED TO GITHUB) 6.0-rc2
5.0
Fix Released
Medium
Jay Vora (Serpent Consulting Services)
Odoo Server (MOVED TO GITHUB) 5.0.16

Bug Description

I'm using OpenERP 5.0.15

In tools/misc.py: exec_pg_command_pipe() and exec_command_pipe() in the arguments to the subprocess.Popen() function the command name is supplied as the executable parameter and shell=True. This is wrong. If shell=True, then executable has to be the path to the shell, as explained in the following paragraph from http://docs.python.org/library/subprocess.html :

The executable argument specifies the program to execute. It is very seldom needed: Usually, the program to execute is defined by the args argument. If shell=True, the executable argument specifies which shell to use. On Unix, the default shell is /bin/sh.

The above two functions have been working up to now only by accident. The subprocess module will spawn the /bin/sh shell and try to execute the first element in the argument list tuple. The first element is the command name (without the full path), but since the command is usually in the shell's path it will succeed. However if , for example, the pg_* commands were not in the shell's path (for example in /usr/lib/pgsql/bin) then it would fail.

Patch is attached.

Tags: maintenance
Revision history for this message
Michael Telahun Makonnen (mmakonnen) wrote :
Revision history for this message
Michael Telahun Makonnen (mmakonnen) wrote :

Update: Please disregard my analysis for why the two functions appear to be functioning up to now. It is wrong since the first element in the argument list is *not* the command name. The bug is real none the less and should be fixed.

Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :

Hello Michael,

You're right, thanks for the analysis and the proposed patch!
This has been fixed in trunk in revision 3075 - <email address hidden> from ~xrg (author of the original Popen patch)

I am assigning to maintenance team as well for backport to 5.0, as the original patch had been applied there as well.

Changed in openobject-server:
assignee: nobody → OpenERP's Framework R&D (openerp-dev-framework)
importance: Undecided → Medium
milestone: none → 6.0-rc2
status: New → Fix Released
tags: added: maintenance
Revision history for this message
Olivier Dony (Odoo) (odo-openerp) wrote :

Note to maintenance team: keep in mind that this bug has many consequences, e.g. not being able to print workflows (see duplicated bug #684661) and probably breaking other things that call external tools, e.g. backup/restore, etc.

Jay Vora (Serpent Consulting Services) (jayvora)
summary: - Incorrect use of subprocess module
+ Regression : Incorrect use of subprocess module
Revision history for this message
Jay Vora (Serpent Consulting Services) (jayvora) wrote :

Thanks Michael, Panos and Olivier.

I have tested with the patch and fix has landed to stable by revision 2165 <email address hidden>.

Thanks.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.