[ https://issues.apache.org/jira/browse/SPARK-24380?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
paul mackles closed SPARK-24380. -------------------------------- > argument quoting/escaping broken in mesos cluster scheduler > ----------------------------------------------------------- > > Key: SPARK-24380 > URL: https://issues.apache.org/jira/browse/SPARK-24380 > Project: Spark > Issue Type: Bug > Components: Deploy, Mesos > Affects Versions: 2.2.0, 2.3.0 > Reporter: paul mackles > Priority: Critical > Fix For: 2.4.0 > > > When a configuration property contains shell characters that require quoting, > the Mesos cluster scheduler generates the spark-submit argument like so: > {code:java} > --conf "spark.mesos.executor.docker.parameters="label=logging=|foo|""{code} > Note the quotes around the property value as well as the key=value pair. When > using docker, this breaks the spark-submit command and causes the "|" to be > interpreted as an actual shell PIPE. Spaces, semi-colons, etc also cause > issues. > Although I haven't tried, I suspect this is also a potential security issue > in that someone could exploit it to run arbitrary code on the host. > My patch is pretty minimal and just removes the outer quotes around the > key=value pair, resulting in something like: > {code:java} > --conf spark.mesos.executor.docker.parameters="label=logging=|foo|"{code} > A more extensive fix might try wrapping the entire key=value pair in single > quotes but I was concerned about backwards compatibility with that change. > -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org