> On Feb. 10, 2017, 10:11 a.m., James Peach wrote:
> > src/common/validation.cpp, line 42
> > <https://reviews.apache.org/r/56527/diff/1/?file=1629239#file1629239line42>
> >
> > '~' is a bad choice for an ID, but by itself it is not a security issue.
> > You ought to check for `id[0] != '~'` (or just ban it anywhere in the
> > string).

"~" is "by itself" as much of a security issue as "..", right? But yeah, I overlooked other forms of [Tilde-Expansion](https://www.gnu.org/software/bash/manual/html_node/Tilde-Expansion.html). As jpeach pointed out offline, perhaps instead of disallowing certain characters, it's easier to only allow certain chars. We should discuss with the community on that though. I'll drop "~" for now.

- Jiang Yan

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56527/#review165141
-----------------------------------------------------------

On Feb. 9, 2017, 11:05 p.m., Jiang Yan Xu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56527/
> -----------------------------------------------------------
>
> (Updated Feb. 9, 2017, 11:05 p.m.)
>
>
> Review request for mesos and James Peach.
>
>
> Bugs: MESOS-7086
>     https://issues.apache.org/jira/browse/MESOS-7086
>
>
> Repository: mesos
>
>
> Description
> -------
>
> - Such IDs should lead to surprising or even dangerous agent side
>   directory structure.
>
>
> Diffs
> -----
>
>   src/common/validation.cpp 0f1a02286d8431acfee6136e8ada49b0ac746897
>   src/tests/master_validation_tests.cpp 0c2649089d7fd29eb021ac75c71e6a74368577dc
>   src/tests/slave_validation_tests.cpp 3d17799ed04951fb56524db0f5d89347192300b2
>
> Diff: https://reviews.apache.org/r/56527/diff/
>
>
> Testing
> -------
>
> make check.
>
>
> Thanks,
>
> Jiang Yan Xu
>
>

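The deny-list versus allow-list trade-off raised in the reply above, as an added example that is not part of the original thread or of Mesos's validation.cpp. The function names, the allowed character set and the sample IDs are assumptions constructed for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical helpers for illustration; these are not Mesos functions.

// Deny-list: reject only the forms named in the thread ("..", a leading
// '~') plus ".", the empty string and path separators. All else passes.
bool denyListAccepts(const std::string& id) {
  if (id.empty() || id == "." || id == "..") return false;
  if (id[0] == '~') return false;
  return id.find('/') == std::string::npos &&
         id.find('\\') == std::string::npos;
}

// Allow-list: accept only [A-Za-z0-9._-], a bounded length and a leading
// alphanumeric character. The exact character set is an assumption.
bool allowListAccepts(const std::string& id) {
  if (id.empty() || id.size() > 255) return false;
  if (!std::isalnum(static_cast<unsigned char>(id[0]))) return false;
  for (unsigned char c : id) {
    if (!std::isalnum(c) && c != '.' && c != '_' && c != '-') return false;
  }
  return true;
}

// Constructed sample IDs (not taken from the review).
const std::vector<std::string> kSamples = {
    "framework-01", "task_42.retry", "..", "~", "~root", "a/b",
    std::string("id\0x", 4),  // embedded NUL
    "id\n2",                  // embedded newline
    " lead",                  // leading space
    "-rf",                    // reads as an option if passed to a command
};

// Returns the samples the deny-list accepts but the allow-list rejects.
std::vector<std::string> gaps() {
  std::vector<std::string> out;
  for (const auto& id : kSamples) {
    if (denyListAccepts(id) && !allowListAccepts(id)) out.push_back(id);
  }
  return out;
}

int main() {
  std::cout << gaps().size() << " of " << kSamples.size()
            << " samples pass the deny-list only\n";
}
```

Each entry returned by `gaps()` is a form the deny-list would need another special case for, which is the maintenance cost the allow-list avoids.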