consul-template crashes because it assumes sh is installed and added to the command before running it #1508
Comments
|
Hey @bbourbie, sorry for your troubles. I know the problem and have an idea for a pretty quick fix. The problem is that earlier versions used a shell parsing library that was a constant source of bugs and, after a review, was found to mishandle quoting at a base level requiring a large rewrite to fix. I decided to skip trying to parse shell command lines and call the system shell with the configured command passed to it, leaving the shell parsing to the shell. I made this the only way code was executed on *nix systems. For Windows I had it only accept single argument commands as it doesn't have a shell. I could make the change pretty easily to expand that to all environments, that is that if the configured command is a single command (no spaces/tabs/etc) then it would be run directly w/o the underlying shell call. This is a small change that shouldn't impact anyone's use, but would fix your case. What do you think? I think I could add this pretty speedily and I'm already looking to do a release soon due to a security issue... |
Instead of always using `sh -c` to run command lines on *nix check if it is a single command (no spaces) and, if so, run that command directly. This will give users on systems without 'sh' a way to run their commands. Fixes #1508
|
Hey @bbourbie .. I just posted the PR to make this change. I think it is probably a good general fix for cases like this but I'd like to hear back that it does address your case before going forward with it. Thanks. |
|
Thank you for your fast responses!! Let me review the PR. |
Instead of always using `sh -c` to run command lines on *nix check if it is a single command (no spaces) and, if so, run that command directly. This will give users on systems without 'sh' a way to run their commands. Fixes #1508
Instead of always using `sh -c` to run command lines on *nix check if it is a single command (no spaces) and, if so, run that command directly. This will give users on systems without 'sh' a way to run their commands. Fixes #1508
|
Hey @bbourbie, I've made a few updates to the PR and it has gone through internal review. I'm ready to merge and release 0.27.1 with the fixes but wanted to let you have a chance to review it and verify that it would address your needs. Thanks. |
Instead of always using `sh -c` to run command lines on *nix check if it is a single command (no spaces) and, if so, run that command directly. This will give users on systems without 'sh' a way to run their commands. Fixes #1508
Hello,
We are running consul-template in a docker image named google distroless and for security reasons, there are no shell installed.
Last version of consule-template that was working well was
0.25.2, when I install consule-template0.27.0, we now have the crashthe command line is
A quick look at the source code shows me a prepCommand in runner.go and nothing to change that preCommand.
I don't think it's correct to assume there's a sh installed, I don't want to add sh to my docker image for security reasons
@eikenb
The text was updated successfully, but these errors were encountered: