mesos-reviews mailing list archives

From Gilbert Song <songzihao1...@gmail.com>
Subject Re: Review Request 50214: Supported non-shell command in MesosLaunch to avoid arbitrary commands.
Date Wed, 27 Jul 2016 21:39:03 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50214/
-----------------------------------------------------------

(Updated July 27, 2016, 2:39 p.m.)


Review request for mesos, Artem Harutyunyan, Jie Yu, and Timothy Chen.


Bugs: MESOS-5388
    https://issues.apache.org/jira/browse/MESOS-5388


Repository: mesos


Description
-------

Currently all pre_exec_commands are executed as shell commands
in Mesos Launch. It is not safe because arbitrary shell commands
may be included in some user-facing API (e.g., container_path).
We should execute those commands as subprocesses to prevent
arbitrary shell command injection.


Diffs (updated)
-----

  src/slave/containerizer/mesos/launch.cpp 51f0c110ff0c414837fd69db81047979a0093388 

Diff: https://reviews.apache.org/r/50214/diff/


Testing
-------

make check

sudo ./bin/mesos-tests.sh


Thanks,

Gilbert Song
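
The difference between the shell and non-shell forms described in this review request, as an added example that is not part of the original message or of the Mesos patch. The function names, the `test -d` command and the sample path are assumptions chosen for illustration.

```cpp
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>
#include <sys/wait.h>
#include <unistd.h>

// Shell form: the path is pasted into a string that /bin/sh parses,
// so shell metacharacters in the path become shell syntax.
int runViaShell(const std::string& path) {
  const std::string command = "test -d " + path;
  int status = std::system(command.c_str());
  return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

// Non-shell form: the path is a single argv element handed to execvp,
// so no shell ever interprets it.
int runViaArgv(const std::string& path) {
  std::vector<std::string> args = {"test", "-d", path};
  std::vector<char*> argv;
  for (std::string& arg : args) argv.push_back(&arg[0]);
  argv.push_back(nullptr);

  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {
    execvp(argv[0], argv.data());
    _exit(127);  // only reached if exec failed
  }
  int status = 0;
  if (waitpid(pid, &status, 0) < 0) return -1;
  return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

// Constructed sample standing in for a user-supplied container_path.
const std::string kHostilePath = "/nonexistent; exit 42";

int main() {
  // Shell form: the text after ';' runs as a second command.
  std::printf("shell exit status: %d\n", runViaShell(kHostilePath));
  // Argv form: the whole string is treated as one (nonexistent) path.
  std::printf("argv exit status:  %d\n", runViaArgv(kHostilePath));
  return 0;
}
```
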

