mesos-issues mailing list archives

From "James Peach (JIRA)" <j...@apache.org>
Subject [jira] [Created] (MESOS-6862) Replace os::system usages to reduce the risk of command injection.
Date Thu, 05 Jan 2017 17:56:01 GMT
James Peach created MESOS-6862:
----------------------------------

             Summary: Replace os::system usages to reduce the risk of command injection.
                 Key: MESOS-6862
                 URL: https://issues.apache.org/jira/browse/MESOS-6862
             Project: Mesos
          Issue Type: Bug
            Reporter: James Peach


There are a number of places where {{os::system}} is used for convenience. To reduce the risk
of command injection, we should replace most of these with {{subprocess}} or {{os::spawn}}
and not execute them with the shell.

| posix/chown.hpp | {{os::chown}} | Replace with fts(3). |
| launcher/fetcher.cpp | {{extract()}} | Replace with {{subprocess}}. |
| launcher/fetcher.cpp | {{copyFile}} | Replace with {{subprocess}}. |
| linux/perf.cpp | {{valid()}} | Replace with {{subprocess}}. |
| cni/cni.cpp | {{NetworkCniIsolatorSetup::execute()}} | Not a problem, but should use {{subprocess}} for consistency. |
| port_mapper/port_mapper.cpp | {{PortMapper::addPortMapping()}} | Replace with {{subprocess}}. |
| port_mapper/port_mapper.cpp | {{PortMapper::delPortMapping()}} | Replace with {{subprocess}}. |

In the above table, read "replacement" as replacement with {{os::spawn}} or {{subprocess}}
as appropriate.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
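
The difference the issue describes, as an added example that is not Mesos code and not part of the original message: the same argument is run once through `/bin/sh -c` (what `system(3)` does) and once as an argv vector with no shell. The helper `run_capture` and the sample file name are hypothetical, and plain POSIX `fork`/`execvp` stands in for Mesos's `subprocess` and `os::spawn`.

```cpp
#include <cstdio>
#include <string>
#include <vector>
#include <sys/wait.h>
#include <unistd.h>

// Hypothetical helper: run a child and return what it writes to stdout.
// use_shell=true joins argv into one string for /bin/sh -c, like system(3).
// use_shell=false passes argv to execvp unchanged, so no shell parses it.
std::string run_capture(const std::vector<std::string>& argv, bool use_shell) {
  int fds[2];
  if (pipe(fds) != 0) return "";
  pid_t pid = fork();
  if (pid < 0) { close(fds[0]); close(fds[1]); return ""; }
  if (pid == 0) {  // child: send stdout to the pipe, then exec
    dup2(fds[1], STDOUT_FILENO);
    close(fds[0]); close(fds[1]);
    if (use_shell) {
      std::string cmd;
      for (const auto& a : argv) cmd += a + " ";
      execl("/bin/sh", "sh", "-c", cmd.c_str(), (char*)nullptr);
    } else {
      std::vector<char*> args;
      for (const auto& a : argv) args.push_back(const_cast<char*>(a.c_str()));
      args.push_back(nullptr);
      execvp(args[0], args.data());
    }
    _exit(127);  // reached only if exec failed
  }
  close(fds[1]);
  std::string out;
  char buf[256];
  ssize_t n;
  while ((n = read(fds[0], buf, sizeof buf)) > 0)
    out.append(buf, static_cast<size_t>(n));
  close(fds[0]);
  waitpid(pid, nullptr, 0);
  return out;
}

int main() {
  // Constructed input: a "file name" carrying a shell metacharacter.
  const std::string name = "data.tar; echo INJECTED";
  // Shell path: ';' splits the string into two commands.
  std::printf("shell:\n%s", run_capture({"echo", name}, true).c_str());
  // argv path: the whole string reaches echo as a single argument.
  std::printf("argv:\n%s", run_capture({"echo", name}, false).c_str());
  return 0;
}
```
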
