[ https://issues.apache.org/jira/browse/MESOS-6235?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jie Yu updated MESOS-6235:
--------------------------
    Assignee: Kevin Klues

> Add 'argv' variant of 'os::system'
> ----------------------------------
>
>                 Key: MESOS-6235
>                 URL: https://issues.apache.org/jira/browse/MESOS-6235
>             Project: Mesos
>          Issue Type: Task
>            Reporter: Kevin Klues
>            Assignee: Kevin Klues
>             Fix For: 1.0.2
>
>
> The {{os::system()}} function always spawns whatever string you pass to it as
> a direct argument to {{sh -c '<arg_string>'}}. However, this can be
> problematic if you build {{<arg_string>}} from user supplied input and they
> have the opportunity to inject arbitrary commands at the end of it (e.g. by
> adding a "; rm -rf" as part of the last user supplied argument).
> To counter this, we should introduce a variant of {{os::system()}} that takes
> a single command and a list of args (similar to the {{posix_spawn()}}
> function).

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
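The difference the issue describes, as an added C++ example that is not Mesos code and not part of the original message: the same input is passed once through a `sh -c` string and once as a single argv element via `posix_spawnp()`. The names `system_string`, `system_argv` and `kUserInput`, the `(command, args)` signature, and the sample input are assumptions made for illustration.

```cpp
#include <spawn.h>
#include <sys/wait.h>
#include <cerrno>
#include <cstdlib>
#include <string>
#include <vector>

extern char** environ;

// Decode a wait status into an exit code (-1 if the child did not exit normally).
static int exit_code(int status) {
  return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

// String variant: the whole line goes to `sh -c`, so shell metacharacters
// in any concatenated input are interpreted by the shell.
int system_string(const std::string& command) {
  int status = std::system(command.c_str());
  return status == -1 ? -1 : exit_code(status);
}

// argv variant (hypothetical signature): no shell is involved, so each
// element of `args` reaches the program as exactly one argument.
int system_argv(const std::string& command, const std::vector<std::string>& args) {
  std::vector<char*> argv;
  argv.push_back(const_cast<char*>(command.c_str()));  // argv[0]
  for (const std::string& arg : args) {
    argv.push_back(const_cast<char*>(arg.c_str()));
  }
  argv.push_back(nullptr);

  pid_t pid;
  if (posix_spawnp(&pid, command.c_str(), nullptr, nullptr, argv.data(), environ) != 0) {
    return -1;
  }
  int status;
  while (waitpid(pid, &status, 0) == -1) {
    if (errno != EINTR) return -1;  // retry only when interrupted by a signal
  }
  return exit_code(status);
}

// Constructed input: a path followed by a harmless shell command separator.
const std::string kUserInput = "/ ; exit 7";

int main() {
  int viaShell = system_string("test -d " + kUserInput);  // shell runs `test -d /`, then `exit 7`
  int viaArgv = system_argv("test", {"-d", kUserInput});  // one literal path that does not exist
  return (viaShell == 7 && viaArgv == 1) ? 0 : 1;
}
```

The exit status 7 from the string variant comes from the appended command rather than from `test`, while the argv variant reports only that the literal path is not a directory.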