[jira] [Commented] (HADOOP-13093) Discuss whether dfs -ls should escape control characters on terminal

Fri, 06 May 2016 11:43:03 -0700 

    [ 
https://issues.apache.org/jira/browse/HADOOP-13093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15274545#comment-15274545
 ] 

Allen Wittenauer commented on HADOOP-13093:
-------------------------------------------

*  HADOOP-13079 provides an option for users to use if they so chose.  
* It's pretty much impossible without limiting the character set that 
FileSystem, FileContext, job names, and who knows what all to prevent 
non-printable characters from ever appearing on the screen. This goes way 
beyond just HDFS.
* This is not a security issue with Apache Hadoop.  This is a security issue 
with certain types of terminal emulation.  Even though this has been a known 
issue for decades, UNIX and POSIX has not sought to require that 
implementations strip control characters from command line utilities.
* GNU and some BSD implementations have limited ls and ONLY ls in certain 
contexts.  They have NOT limited or even provided the capability to limit 
control characters from other programs that print directory and file names.  
(Keep in mind that ftpd traditionally used ls to read content, thus it may have 
been possible to use ls as a malicious attack against a root process.)

> Discuss whether dfs -ls should escape control characters on terminal
> --------------------------------------------------------------------
>
>                 Key: HADOOP-13093
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13093
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs
>            Reporter: John Zhuge
>            Assignee: John Zhuge
>
> HADOOP-13079 adds option {{-q}} to {{dfs -ls}} to print non-printable 
> characters as "?". This jira will decide whether to make {{-q}} the default 
> for {{dfs -ls}} on a terminal.
> This is a split of HADOOP-13079. The split gives us more time to debate the 
> proper default behavior and enables different target versions.
> To test whether STDOUT is connected to a terminal, I will use 
> {{System.console() != null}}, fully aware its limitation. JNI {{isatty(3)}} 
> is possible but too problematic as pointed out by [~cmccabe].
> I will survey FsShell and hdfs commands and their proper expected default 
> behaviors. Thanks [~andrew.wang] for the suggestion. More jiras may follow.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to