-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/52011/
-----------------------------------------------------------

Review request for mesos, Gilbert Song and Jie Yu.


Bugs: MESOS-6075
    https://issues.apache.org/jira/browse/MESOS-6075


Repository: mesos


Description
-------

Previously, we used 'process::subprocess()' to run all of our pre-exec
commands. However, doing so causes us to (unnecesssarily) initialize
all of libprocess (and subsequently creating a whole bunch of unused
threads, etc.) just to run a simple script.

To avoid this, we now use fork/exec exec directly avoid calling
'process:subprocess()'. In the past, we used 'os::system()' here
to avoid initializing libprocess, but this caused security issues with
allowing arbitrary shell commands to be appended to root-level
pre-exec commands that take strings as their last argument (e.g. mount
--bind <src> <target>, where target is user supplied and is set to
"target_dir; rm -rf /"). We now handle this case by invoking `execvp`
directly (which ensures that exactly one command is invoked and that
all of the strings passed to it are treated as direct arguments to
that one command).

In the fututre, we should consider refactoring
'libprocess::subprocess()' to pull the base functionality into stout
to avoid initializing libprocess for simple use cases like this one.


Diffs
-----

  src/slave/containerizer/mesos/launch.cpp 
fc51e04ec1572679e6a48ff4f0fa31ef2dfd6ec3 

Diff: https://reviews.apache.org/r/52011/diff/


Testing
-------

$ GTEST_FILTER="" make -j check
$ src/mesos-tests
$ sudo src/mesos-tests


Thanks,

Kevin Klues

Reply via email to