mesos-reviews mailing list archives

From Adam B <a...@mesosphere.io>
Subject Re: Review Request 57763: Fixed environment overwrite warning to not leak possibly sensitive data.
Date Thu, 23 Mar 2017 00:51:43 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/57763/#review169816
-----------------------------------------------------------




src/slave/containerizer/mesos/launch.cpp
Line 669 (original), 667 (patched)
<https://reviews.apache.org/r/57763/#comment242454>

    Also, it seems unnecessary to (re)assign `value` to `environment[name]` if it already has that value. So far, you have only changed the conditions under which we log. Perhaps something more like:
    ```
    if (!environment.contains(name)) {
      environment[name] = value;
    } else if (environment[name] != value) {
      cout << "Overwriting..."; // TODO: Make this an error?
      environment[name] = value;
    } // else silently ignore the dupe.
    ```


- Adam B


On March 19, 2017, 7:51 p.m., Till Toenshoff wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/57763/
> -----------------------------------------------------------
> 
> (Updated March 19, 2017, 7:51 p.m.)
> 
> 
> Review request for mesos, Adam B, Alexander Rukletsov, Benjamin Bannier, Jie Yu, and Joseph Wu.
> 
> 
> Bugs: MESOS-7264
>     https://issues.apache.org/jira/browse/MESOS-7264
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> See summary.
> 
> 
> Diffs
> -----
> 
>   src/slave/containerizer/mesos/launch.cpp 8658525b00e78bed9227d6d400eccccae2cf25dd 
> 
> 
> Diff: https://reviews.apache.org/r/57763/diff/1/
> 
> 
> Testing
> -------
> 
> make check & functional testing...
> 
> ```
> ./src/mesos-execute --name="test" --env='{"key1":"value1"}' --command='sleep 1000' --master=127.0.0.1:5050
> ```
> 
> Within the contents of `stdout` before applying this:
> ```
> Overwriting environment variable 'key1', original: 'value1', new: 'value1'
> ```
> 
> After applying this there is no mention of the actually duplicate but equally valued variable anymore. Note, this is before applying https://reviews.apache.org/r/57762.
> 
> 
> Thanks,
> 
> Till Toenshoff
> 
>
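
The three-way handling suggested in the review comment above, written out as an added example that is not part of the original thread or of Mesos' `launch.cpp`. The names `mergeEnvironment` and `demoWarnings`, the warning wording, and the sample variables are assumptions; the warning carries the variable name only, never the old or new value.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Hypothetical helper: merges `overrides` into `environment` and returns the
// warnings that would be logged. Values are never copied into a warning,
// because either the original or the new value may be a secret.
std::vector<std::string> mergeEnvironment(
    std::map<std::string, std::string>& environment,
    const std::vector<std::pair<std::string, std::string>>& overrides)
{
  std::vector<std::string> warnings;
  for (const auto& entry : overrides) {
    const std::string& name = entry.first;
    const std::string& value = entry.second;

    auto it = environment.find(name);
    if (it == environment.end()) {
      environment.emplace(name, value);  // New variable: nothing to report.
    } else if (it->second != value) {
      // Real overwrite: report the name only, then apply the new value.
      warnings.push_back("Overwriting environment variable '" + name + "'");
      it->second = value;
    }
    // else: same name, same value; silently ignore the duplicate.
  }
  return warnings;
}

// Constructed sample input: one exact duplicate, one real overwrite of a
// secret-looking variable, and one new variable.
std::vector<std::string> demoWarnings()
{
  std::map<std::string, std::string> environment = {
      {"key1", "value1"}, {"API_TOKEN", "old-secret"}};
  return mergeEnvironment(
      environment,
      {{"key1", "value1"}, {"API_TOKEN", "new-secret"}, {"key2", "value2"}});
}

int main()
{
  for (const std::string& warning : demoWarnings()) {
    std::cout << warning << std::endl;
  }
  return 0;
}
```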

