[ https://issues.apache.org/jira/browse/HADOOP-8456?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13484950#comment-13484950 ]

Daryn Sharp commented on HADOOP-8456:
-------------------------------------

bq. Passing in parameters under quotes means that they are passed as separate 
args to app underneath (C argc/argv). Do you maybe know of some problems here?

Quotes aren't adequate if the shell is involved.  Ex.  A typical exploit is to 
pass constructs like {{";malicious-cmd;"}} or {{$(malicious-cmd)}}.  If the 
shell is completely bypassed, as it should be, the list of args can be passed 
through execve with no quotes.  The shell should never be involved in command 
execution unless you actually want it to possibly mangle your parameters which 
is almost never the case.

                
> Support spaces in user names and group names in results returned via winutils
> -----------------------------------------------------------------------------
>
>                 Key: HADOOP-8456
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8456
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: native
>    Affects Versions: 1-win
>            Reporter: Chuan Liu
>            Assignee: Ivan Mitic
>            Priority: Minor
>         Attachments: HADOOP-8456.branch-1-win.spaces.patch
>
>
> When parsing results returned by ‘ls’, we made implicit assumption that user 
> and group names cannot contain spaces. On Linux, spaces are not allowed in 
> user names and group names. This is not the case for Windows. We need to find 
> a way to fix the problem for Windows.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
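
The difference the comment describes, as an added example that is not part of the original message or of the Hadoop code base: the same value is handed to a child process once inside double quotes on a shell command line and once as a single element of an argument list with no shell. It assumes a POSIX system with /bin/sh; the child is a hypothetical stand-in for a native helper, and the sample names are constructed.

```python
import json
import shlex
import subprocess
import sys

# Stand-in for a native helper (hypothetical; not winutils itself): it prints
# the argument vector it actually received as one JSON line.
CHILD = [sys.executable, "-c",
         "import json,sys; print(json.dumps(sys.argv[1:]))"]

def argv_seen_via_shell(name):
    """Wrap the value in double quotes and let /bin/sh parse the command line.

    Returns (argv the child received, extra output lines from anything
    else the shell ran)."""
    cmd = " ".join(shlex.quote(p) for p in CHILD) + ' "' + name + '"'
    out = subprocess.run(cmd, shell=True, stdout=subprocess.PIPE,
                         stderr=subprocess.DEVNULL, text=True).stdout
    lines = out.splitlines()
    return json.loads(lines[0]), lines[1:]

def argv_seen_direct(name):
    """Pass the value as one element of the argument list; no shell runs."""
    out = subprocess.run(CHILD + [name], stdout=subprocess.PIPE,
                         text=True, check=True).stdout
    return json.loads(out)

# Constructed sample values; `echo INJECTED` is a harmless marker command.
SAMPLES = [
    "Domain Users",              # legitimate name containing a space
    "Domain $(echo INJECTED)",   # command substitution inside the quotes
    'x";echo INJECTED;"',        # closes the quote, appends a command
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(repr(name))
        print("  via shell:", argv_seen_via_shell(name))
        print("  direct   :", argv_seen_direct(name))
```

In the direct form every sample reaches the child unchanged as one argument, spaces included, which is the property needed for user and group names that contain spaces.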
