Kevin Klues created MESOS-6235:

             Summary: Add 'argv' variant of 'os::system'
                 Key: MESOS-6235
             Project: Mesos
          Issue Type: Task
            Reporter: Kevin Klues
             Fix For: 1.0.2

The {{os::system()}} function always spawns whatever string you pass to is a a 
direct argument to {{sh -c '<arg_string>'}}. However, this can be problematic 
if you build {{<arg_string>}} from user supplied input and they have the 
opportunity to inject arbitrary commands at the end of it (e.g. by adding a "; 
rm -rf" as part of the last user supplied argument).

To counter this, we should introduce a variant of {{os::system()}} that takes a 
single command and a list of args (similar to the {{posix_spawn()}} function.

This message was sent by Atlassian JIRA

Reply via email to