James Peach created MESOS-6862:
----------------------------------
Summary: Replace os::system usages to reduce the risk of command
injection.
Key: MESOS-6862
URL: https://issues.apache.org/jira/browse/MESOS-6862
Project: Mesos
Issue Type: Bug
Reporter: James Peach
There are a number of places where {{os::system}} is used for convenience. To
reduce the risk of command injection, we should replace most of these with
{{subprocess}} or {{os::spawn}} and not execute them with the shell.
| posix/chown.hpp | {{os::chown}} | Replace with fts(3). |
|launcher/fetcher.cpp | {{extract()}} | Replace with {{subprocess}}. |
| launcher/fetcher.cpp | {{copyFile}} | Replace with {{subprocess}}. |
| linux/perf.cpp | {{valid()}} | Replace with {{subprocess}}. |
| cni/cni.cpp | {{NetworkCniIsolatorSetup::execute()}} | Not a problem, but
should use {{subprocess}} for consistency. |
| port_mapper/port_mapper.cpp | {{PortMapper::addPortMapping()}} | Replace with
{{subprocess}}. |
| port_mapper/port_mapper.cpp | {{PortMapper::delPortMapping()}} | Replace with
{{subprocess}}. |
In the above table, read "replacement" as replacement with {{os::spawn}} or
{{subprocess} as appropriate.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
