hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Lowe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-8207) Docker container launch use popen have risk of shell expansion
Date Tue, 08 May 2018 17:36:00 GMT

    [ https://issues.apache.org/jira/browse/YARN-8207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16467725#comment-16467725

Jason Lowe commented on YARN-8207:

init_args would not require the structure to be malloc'd, rather it would look like this when
  args args;
or it could be done like a macro, e.g.:
#define ARGS_INITIAL_VALUE  { 0 }
The problem with it now is the reader (and caller) has to be intimately aware of the layout
of the args struct to understand what that line of code is doing. Given that line appears
multiple times in the patch, it should be fixed to improve readability, encapsulation, etc.
{quote}No, it doesn't malloc(-1) will return null instead of 0 bytes, the second check will
not succeed.
It won't be a malloc(-1), it will be a malloc(0) because it adds 1 to the result of vsnprintf
to calculate the buffer length. malloc(0) is not clearly defined, but some systems will return
a pointer that isn't NULL that can be safely free()'d.

> Docker container launch use popen have risk of shell expansion
> --------------------------------------------------------------
>                 Key: YARN-8207
>                 URL: https://issues.apache.org/jira/browse/YARN-8207
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn-native-services
>    Affects Versions: 3.0.0, 3.1.0, 3.0.1, 3.0.2
>            Reporter: Eric Yang
>            Assignee: Eric Yang
>            Priority: Blocker
>              Labels: Docker
>         Attachments: YARN-8207.001.patch, YARN-8207.002.patch, YARN-8207.003.patch, YARN-8207.004.patch,
YARN-8207.005.patch, YARN-8207.006.patch, YARN-8207.007.patch, YARN-8207.008.patch, YARN-8207.009.patch
> Container-executor code utilize a string buffer to construct docker run command, and
pass the string buffer to popen for execution.  Popen spawn a shell to run the command.  Some
arguments for docker run are still vulnerable to shell expansion.  The possible solution is
to convert from char * buffer to string array for execv to avoid shell expansion.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org

View raw message