James Peach created MESOS-6862:
----------------------------------

Summary: Replace os::system usages to reduce the risk of command injection.
Key: MESOS-6862
URL: https://issues.apache.org/jira/browse/MESOS-6862
Project: Mesos
Issue Type: Bug
Reporter: James Peach

There are a number of places where {{os::system}} is used for convenience. To reduce the risk of command injection, we should replace most of these with {{subprocess}} or {{os::spawn}} and not execute them with the shell.

| posix/chown.hpp | {{os::chown}} | Replace with fts(3). |
| launcher/fetcher.cpp | {{extract()}} | Replace with {{subprocess}}. |
| launcher/fetcher.cpp | {{copyFile}} | Replace with {{subprocess}}. |
| linux/perf.cpp | {{valid()}} | Replace with {{subprocess}}. |
| cni/cni.cpp | {{NetworkCniIsolatorSetup::execute()}} | Not a problem, but should use {{subprocess}} for consistency. |
| port_mapper/port_mapper.cpp | {{PortMapper::addPortMapping()}} | Replace with {{subprocess}}. |
| port_mapper/port_mapper.cpp | {{PortMapper::delPortMapping()}} | Replace with {{subprocess}}. |

In the above table, read "replacement" as replacement with {{os::spawn}} or {{subprocess}} as appropriate.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
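
The difference the issue describes, as an added example that is not Mesos code: POSIX system(3) and posix_spawnp(3) stand in for {{os::system}} and {{subprocess}}/{{os::spawn}}, and the names runWithShell, runWithArgv and exitCode are hypothetical. The same constructed argument changes the exit status when a shell parses it and is passed through as inert data when the utility is executed with an argv vector.

```cpp
#include <spawn.h>
#include <sys/wait.h>
#include <cstdlib>
#include <string>
#include <vector>

extern "C" char** environ;

// Decode a wait(2)-style status into an exit code, or -1 on abnormal exit.
static int exitCode(int status)
{
  return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

// BEFORE: the argument is pasted into a string that /bin/sh parses, so
// shell metacharacters inside it are interpreted as syntax.
int runWithShell(const std::string& utility, const std::string& arg)
{
  const std::string command = utility + " " + arg;
  return exitCode(std::system(command.c_str()));
}

// AFTER: the utility is executed directly with an argv vector. No shell
// is involved, so the argument reaches the child unchanged as argv[1].
int runWithArgv(const std::string& utility, const std::string& arg)
{
  std::vector<char*> argv = {
    const_cast<char*>(utility.c_str()),
    const_cast<char*>(arg.c_str()),
    nullptr};

  pid_t pid;
  if (posix_spawnp(&pid, utility.c_str(), nullptr, nullptr,
                   argv.data(), environ) != 0) {
    return -1;
  }

  int status = 0;
  if (waitpid(pid, &status, 0) != pid) return -1;
  return exitCode(status);
}

int main()
{
  // Constructed input: a "path" that carries a shell command separator.
  // `true` ignores its arguments and exits 0 unless the shell runs `exit 7`.
  const std::string hostile = "a.tar; exit 7";
  return (runWithShell("true", hostile) == 7 &&
          runWithArgv("true", hostile) == 0) ? 0 : 1;
}
```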