[
https://issues.apache.org/jira/browse/CASSANDRA-16565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779818#comment-17779818
]
Stefan Miklosovic commented on CASSANDRA-16565:
-----------------------------------------------
Reading it from "/proc/$pid/limits" was kind of my idea ... we got there
because the original solution was executing "bash -c ulimit -u" and I really
think we should not do that. It is just too brittle to do it like that from
Java. A lot of moving parts. Possible security issues. Because bash does not
strictly has to be everywhere. What if there is just "sh"? And more
importantly, check this:
{code}
[root@8e39a687b6c6 /]# sh --help
GNU bash, version 4.2.46(2)-release-(x86_64-redhat-linux-gnu)
Usage: sh [GNU long option] [option] ...
sh [GNU long option] [option] script-file ...
GNU long options:
--debug
--debugger
--dump-po-strings
--dump-strings
--help
--init-file
--login
--noediting
--noprofile
--norc
--posix
--protected
--rcfile
--rpm-requires
--restricted
--verbose
--version
Shell options:
-irsD or -c command or -O shopt_option (invocation only)
-abefhkmnptuvxBCHP or -o option
{code}
check this:
{code}
The --norc flag in a shell command, like sh, instructs the shell to start
without reading the user's ~/.shrc (Bourne shell run commands) or ~/.bashrc
(Bash run commands) configuration files. These configuration files often
contain user-specific settings, aliases, environment variables, and
customizations for the shell environment.
{code}
So if I have a bunch of custom functions in these files, doing god knows what,
then it will be invoked along with "bash -c ulimit -u"? That is a security
hole, isn't it? So we would need to put various arguments to that, and these
arguments might vary across different shells, and there might be a lot of
shells aliasing to sh each doing it differently etc etc. It is just easier to
read a file and that's it.
> Remove dependency on sigar
> --------------------------
>
> Key: CASSANDRA-16565
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16565
> Project: Cassandra
> Issue Type: Improvement
> Components: Build
> Reporter: David Capwell
> Assignee: Claude Warren
> Priority: Normal
> Fix For: 5.x
>
>
> sigar is used to check if the environment has good settings for running C*,
> but requires we bundle a lot of native libraries to perform this check (which
> can also be done elsewhere). This project also appears to be dead as the
> last commit was around 6 years ago.
> With the move to resolve artifacts rather than commit them, removing this
> dependency would remove majority of the artifacts fetched from GitHub.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
