init: env does not undergo expansion

Reported by gcooper on 2009-02-12
56
This bug affects 11 people
Affects Status Importance Assigned to Milestone
upstart
Medium
Unassigned

Bug Description

Currently jobfiles in the format:

# START JOBFILE
env TEST_VAR=$INC_VAR

exec echo "$TEST_VAR" > /foobard2zemax
# END JOBFILE

result in the following output:

[comet-k5-12:~]$ cat /foobard2zemax
$INC_VAR

Some script newbies may be confused by that usage (but what do you mean TEST_VAR didn't expand to the value of $INC_VAR 8-)???), but it makes perfect sense to have it be done that way as I would be more concerned with harmful, potentially recursive environment variables. Besides, it's just bad coding to do it that way anyhow ;).

However, this exact replacement method could also become a point of security risk as well if obscurely evaluated later on, but having that tool at one's disposal is no worse than a number of available functions in C libcalls / syscalls anyhow ;).

This is just a note for the sake of improving clarity in existing documentation, e.g. <http://upstart.ubuntu.com/wiki/Stanzas>.

Yes, this one should be expanded

Changed in upstart:
importance: Undecided → Medium
status: New → Triaged

I actually believe that env should undergo expansion, it makes sense to, for example, have:

env CONFDIR=${CONFFILE%/*}

and do start daemon CONFFILE=...

summary: - [Doc] Environment variable passed in via jobfiles isn't expanded to
- actual value
+ env does not undergo expansion#
summary: - env does not undergo expansion#
+ env does not undergo expansion
summary: - env does not undergo expansion
+ init: env does not undergo expansion

Also worth noting that it can't ever be a security risk since environment passed with the Start command overrides that in the job file anyway, you could just pass TEST_VAR itself :-)

Matthew Hall (mhall-9) wrote :

This limitation is really annoying when writing more sophisticated Upstart files for custome services. What is the status on getting this behavior working right?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers