Running arbitrary commands in AWS::CloudFormation::Init is broken

Bug #1492367 reported by Zane Bitter
Affects: heat-cfntools
Status: Fix Released
Importance: Critical
Assigned to: Anant Patil

Bug Description

In heat-cfntools 1.4.0, the fix for bug 1312246 breaks the "commands" section of AWS::CloudFormation::Init. These commands should be arbitrary shell commands, as seen in the AWS docs at http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-init.html where the examples are e.g. redirecting output to a file. The new implementation simply splits the commands on whitespace and passes the result to execvp(), rather than allowing the shell to interpret.

Zane Bitter (zaneb) wrote :

Note that when the command is supplied by the user as a list rather than a string, we *should* pass it directly to execvp(). Currently we are doing some (bad) escaping, converting it to a string, then splitting it on whitespace and passing it to execvp(). Previously we were doing the bad escaping and passing it to the shell, which was not much better.

Anant Patil (ananta)
Changed in heat-cfntools:
assignee: nobody → Anant Patil (ananta)
Anant Patil (ananta) wrote :

This should be fixed now after the offending patch was reverted.

In another fix to bug 1312246, I have taken care of this.

Changed in heat-cfntools:
status: Triaged → Fix Committed
Changed in heat-cfntools:
milestone: none → v1.4.1
Changed in heat-cfntools:
status: Fix Committed → Fix Released
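
The string-versus-list distinction discussed in this report, as an added example that is not heat-cfntools code: a string command is handed to the shell, a list is passed to exec as argv unchanged, and splitting a string on whitespace breaks redirection. The names `run_split`, `run_command` and `demo` are hypothetical, the sample commands are constructed, and a POSIX system with `sh` and `echo` is assumed.

```python
import os
import subprocess
import tempfile


def run_split(command, cwd):
    """Behaviour the report describes: split on whitespace, exec without a shell."""
    return subprocess.run(command.split(), cwd=cwd, capture_output=True, text=True)


def run_command(command, cwd):
    """String: let the shell interpret it. List: pass it to exec as argv, unchanged."""
    use_shell = isinstance(command, str)
    argv = command if use_shell else list(command)
    return subprocess.run(argv, shell=use_shell, cwd=cwd, capture_output=True, text=True)


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as cwd:
        out = os.path.join(cwd, "out.txt")
        text_cmd = "echo hello > out.txt"  # constructed sample command

        # Split form: '>' and 'out.txt' become literal arguments of echo.
        results["split_stdout"] = run_split(text_cmd, cwd).stdout
        results["split_created_file"] = os.path.exists(out)

        # Shell form: the redirection is interpreted and the file is written.
        run_command(text_cmd, cwd)
        with open(out) as fh:
            results["shell_file"] = fh.read()

        # List form: argv reaches the program verbatim; nothing is re-split
        # and no shell metacharacter is interpreted.
        list_cmd = ["echo", "a  b; echo second"]  # constructed sample command
        results["list_stdout"] = run_command(list_cmd, cwd).stdout
        # Joining the list and splitting it again loses the argument boundary.
        results["rejoined_argv"] = " ".join(list_cmd).split()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```
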