There is (1), we can do it similarly for commit log archiving

(1)
https://github.com/apache/cassandra/commit/aafb4d19448f12ce600dc4e84a5b181308825b32

On Fri, Aug 30, 2024 at 6:56 PM Dinesh Joshi <djo...@apache.org> wrote:

> Thanks for bringing this to the mailing list. I quickly skimmed the
> feature and I agree with you that having an arbitrary command executed
> could be dangerous. However, this is a 12 year old feature and so am
> guessing there are people using it.
>
> As far as locking down the feature, I don't think it is feasible to
> lock it down as it allows execution of arbitrary scripts.
>
> Dinesh
>
> On Fri, Aug 30, 2024 at 9:14 AM guo Maxwell <cclive1...@gmail.com> wrote:
> >
> >     Commitlog has the ability of archive  log file, see
> CommitLogArchiver.java,  we can achieve the purpose of archive and restore
> commitlog by configuring archive_command and restore_command in
> commitlog_archiving.properties.The archive_command and restore_command can
> be some linux/unix shell command.  However, I found that the shell command
> can actually be filled with any script, even if "rm -rf" .I have tested
> this situation and it finally succeeded with my test file being deleted.
> >
> >     Personally, I think it is a dangerous behavior, because if there are
> no system-level restrictions and users are allowed to do anything in these
> shell commands. So here I want to discuss with you whether it is necessary
> to impose any restrictions on use, or do we need a new way of
> archiving/restoring commitlog?
> >
> > Of course, before that, I would also like to ask, how many people are
> using archive and restore of commitlog? It seems that the commitlog archive
> code has not been updated for a long time.
> >
> > I have two ideas.
> > One is to make some restrictions on the command context based on the
> existing usage methods, such as strictly only allowing the current cp/mv/ln
> %path to %name.Other redundant strings in the command are not allowed.
> > Another one , As I roughly investigated the archive of mysql and pg.
> They do not give users too much space (I am talking about letting users
> define their own archiving command ), and archive directly to a designated
> location. For us, I feel that we can refer to c * Incremental backup of
> sstable,  add a hardlink to the commitlog to the specified location, but
> this place may modify the original configuration method, such as setting
> the archive location and restoring location of the node through nodetool
> and deprecate the  commitlog_archiving.properties configuration.
> >
> > I am just putting forward some views  here, and looking forward to your
> feedback. 😀
> >
>

Reply via email to