hadoop-common-issues mailing list archives

From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8456) Support spaces in user names and group names in results returned via winutils
Date Fri, 26 Oct 2012 14:27:12 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13484950#comment-13484950 ]

Daryn Sharp commented on HADOOP-8456:
-------------------------------------

bq. Passing in parameters under quotes means that they are passed as separate args to app
underneath (C argc/argv). Do you maybe know of some problems here?

Quotes aren't adequate if the shell is involved.  Ex.  A typical exploit is to pass constructs
like {{";malicious-cmd;"}} or {{$(malicious-cmd)}}.  If the shell is completely bypassed,
as it should be, the list of args can be passed through execve with no quotes.  The shell
should never be involved in command execution unless you actually want it to possibly mangle
your parameters which is almost never the case.

                
> Support spaces in user names and group names in results returned via winutils
> -----------------------------------------------------------------------------
>
>                 Key: HADOOP-8456
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8456
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: native
>    Affects Versions: 1-win
>            Reporter: Chuan Liu
>            Assignee: Ivan Mitic
>            Priority: Minor
>         Attachments: HADOOP-8456.branch-1-win.spaces.patch
>
>
> When parsing results returned by ‘ls’, we made an implicit assumption that user and group names cannot contain spaces. On Linux, spaces are not allowed in user names and group names. This is not the case for Windows. We need to find a way to fix the problem for Windows.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
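
The difference the comment describes, as an added example that is not part of the original message or of Hadoop's code: a child process reports the argument vector it received, once when the name is handed over as a single argv element and once when it is wrapped in double quotes and parsed by a shell. It assumes a POSIX `/bin/sh`; the function names and sample names are constructed for illustration.

```python
import json
import shlex
import subprocess
import sys

# Child process that reports the argument vector it actually received.
CHILD = [sys.executable, "-c",
         "import json, sys; print(json.dumps(sys.argv[1:]))"]

# Constructed sample values: a name with a space, and a name carrying the
# $(...) construct from the comment, with a harmless echo inside it.
SPACED = "Domain Users"
HOSTILE = "$(echo INJECTED)"


def argv_via_exec(name):
    """Hand the name over as one argv element; no shell parses it."""
    out = subprocess.run(CHILD + [name], capture_output=True,
                         text=True, check=True)
    return json.loads(out.stdout)


def argv_via_shell_quoted(name):
    """Weak form: wrap the name in double quotes and let /bin/sh parse it."""
    prefix = " ".join(shlex.quote(part) for part in CHILD)
    line = f'{prefix} "{name}"'  # quoting alone, as the comment warns against
    out = subprocess.run(line, shell=True, capture_output=True,
                         text=True, check=True)
    return json.loads(out.stdout)


if __name__ == "__main__":
    for name in (SPACED, HOSTILE):
        print(repr(name))
        print("  exec  ->", argv_via_exec(name))
        print("  shell ->", argv_via_shell_quoted(name))
```

Both paths keep the space in `Domain Users`, but only the exec path delivers the second name unchanged; through the shell the substitution runs before the child starts.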
