[
https://issues.apache.org/jira/browse/MESOS-6862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
James Peach updated MESOS-6862:
-------------------------------
Description:
There are a number of places where {{os::system}} is used for convenience. To
reduce the risk of command injection, we should replace most of these with
{{subprocess}} or {{os::spawn}} and not execute them with the shell.
| posix/chown.hpp | {{os::chown}} | Replace with fts(3). |
|launcher/fetcher.cpp | {{extract()}} | Replace with {{subprocess}}. |
| launcher/fetcher.cpp | {{copyFile}} | Replace with {{subprocess}}. |
| linux/perf.cpp | {{valid()}} | Replace with {{subprocess}}. |
| cni/cni.cpp | {{NetworkCniIsolatorSetup::execute()}} | Not a problem, but
should use {{subprocess}} for consistency. |
| -port_mapper/port_mapper.cpp- | -{{PortMapper::addPortMapping()}}- | -Replace
with {{subprocess}}.- |
| -port_mapper/port_mapper.cpp- | -{{PortMapper::delPortMapping()}}- | -Replace
with {{subprocess}}.- |
In the above table, read "replacement" as replacement with {{os::spawn}} or
{{subprocess}} as appropriate.
was:
There are a number of places where {{os::system}} is used for convenience. To
reduce the risk of command injection, we should replace most of these with
{{subprocess}} or {{os::spawn}} and not execute them with the shell.
| posix/chown.hpp | {{os::chown}} | Replace with fts(3). |
|launcher/fetcher.cpp | {{extract()}} | Replace with {{subprocess}}. |
| launcher/fetcher.cpp | {{copyFile}} | Replace with {{subprocess}}. |
| linux/perf.cpp | {{valid()}} | Replace with {{subprocess}}. |
| cni/cni.cpp | {{NetworkCniIsolatorSetup::execute()}} | Not a problem, but
should use {{subprocess}} for consistency. |
| port_mapper/port_mapper.cpp | {{PortMapper::addPortMapping()}} | Replace with
{{subprocess}}. |
| port_mapper/port_mapper.cpp | {{PortMapper::delPortMapping()}} | Replace with
{{subprocess}}. |
In the above table, read "replacement" as replacement with {{os::spawn}} or
{{subprocess}} as appropriate.
> Replace os::system usages to reduce the risk of command injection.
> ------------------------------------------------------------------
>
> Key: MESOS-6862
> URL: https://issues.apache.org/jira/browse/MESOS-6862
> Project: Mesos
> Issue Type: Bug
> Reporter: James Peach
> Assignee: James Peach
>
> There are a number of places where {{os::system}} is used for convenience. To
> reduce the risk of command injection, we should replace most of these with
> {{subprocess}} or {{os::spawn}} and not execute them with the shell.
> | posix/chown.hpp | {{os::chown}} | Replace with fts(3). |
> |launcher/fetcher.cpp | {{extract()}} | Replace with {{subprocess}}. |
> | launcher/fetcher.cpp | {{copyFile}} | Replace with {{subprocess}}. |
> | linux/perf.cpp | {{valid()}} | Replace with {{subprocess}}. |
> | cni/cni.cpp | {{NetworkCniIsolatorSetup::execute()}} | Not a problem, but
> should use {{subprocess}} for consistency. |
> | -port_mapper/port_mapper.cpp- | -{{PortMapper::addPortMapping()}}- |
> -Replace with {{subprocess}}.- |
> | -port_mapper/port_mapper.cpp- | -{{PortMapper::delPortMapping()}}- |
> -Replace with {{subprocess}}.- |
> In the above table, read "replacement" as replacement with {{os::spawn}} or
> {{subprocess}} as appropriate.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
