hadoop-yarn-issues mailing list archives

From "Jason Lowe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-8207) Docker container launch use popen have risk of shell expansion
Date Tue, 08 May 2018 18:13:00 GMT

    [ https://issues.apache.org/jira/browse/YARN-8207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16467783#comment-16467783 ]

Jason Lowe commented on YARN-8207:
----------------------------------

{quote}One concern about the shallow copy: the struct args buffer supposedly disappears after
construct_docker_command. This was the reason that I used a deep copy to extract the data. Now,
I am retaining the pointer references to the strings internal to the struct args buffer instead of
a deep copy. Wouldn't those strings get overwritten at some point, or will they be reserved until
the copy is freed up?
{quote}
I don't see patch 10 as of my writing this, so this is based on patch 9's version of extract_execv_args.

The shallow copy in extract_execv_args is OK because that makes a copy of the relevant thing
that is disappearing when construct_docker_command completes. When that stack frame disappears
the contents of the {{struct args}} become invalid, but that is only the length field and
the data field. The data field is only an array of character pointers and not the memory those
character pointers reference. That's why we only need to make a copy of the data array –
the individual arguments referenced by the data array were each malloc'd (many via strdup
or make_string), so each argument is still valid despite the construct_docker_command stack
frame disappearing.

If the character pointer array itself were malloc'd rather than stored on the stack then we
wouldn't even need to make the shallow copy, but I agree it's not essential to fix that here.

I'll take a look at patch 10 when that's posted.

> Docker container launch use popen have risk of shell expansion
> --------------------------------------------------------------
>
>                 Key: YARN-8207
>                 URL: https://issues.apache.org/jira/browse/YARN-8207
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn-native-services
>    Affects Versions: 3.0.0, 3.1.0, 3.0.1, 3.0.2
>            Reporter: Eric Yang
>            Assignee: Eric Yang
>            Priority: Blocker
>              Labels: Docker
>         Attachments: YARN-8207.001.patch, YARN-8207.002.patch, YARN-8207.003.patch, YARN-8207.004.patch,
>                      YARN-8207.005.patch, YARN-8207.006.patch, YARN-8207.007.patch, YARN-8207.008.patch,
>                      YARN-8207.009.patch, YARN-8207.010.patch
>
>
> Container-executor code utilizes a string buffer to construct the docker run command, and
> passes the string buffer to popen for execution.  Popen spawns a shell to run the command.  Some
> arguments for docker run are still vulnerable to shell expansion.  The possible solution is
> to convert from a char * buffer to a string array for execv to avoid shell expansion.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
