[jira] [Commented] (YARN-8207) Docker container launch use popen have risk of shell expansion

Tue, 08 May 2018 10:36:32 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-8207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16467725#comment-16467725
 ] 

Jason Lowe commented on YARN-8207:
----------------------------------

init_args would not require the structure to be malloc'd, rather it would look 
like this when used:
{code:java}
  args args;
  init_args(&args);
{code}
or it could be done like a macro, e.g.:
{code:java}
#define ARGS_INITIAL_VALUE  { 0 }
[...]
args args = ARGS_INITIAL_VALUE;
{code}
The problem with it now is the reader (and caller) has to be intimately aware 
of the layout of the args struct to understand what that line of code is doing. 
Given that line appears multiple times in the patch, it should be fixed to 
improve readability, encapsulation, etc.
{quote}No, it doesn't malloc(-1) will return null instead of 0 bytes, the 
second check will not succeed.
{quote}
It won't be a malloc(-1), it will be a malloc(0) because it adds 1 to the 
result of vsnprintf to calculate the buffer length. malloc(0) is not clearly 
defined, but some systems will return a pointer that isn't NULL that can be 
safely free()'d.

> Docker container launch use popen have risk of shell expansion
> --------------------------------------------------------------
>
>                 Key: YARN-8207
>                 URL: https://issues.apache.org/jira/browse/YARN-8207
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: yarn-native-services
>    Affects Versions: 3.0.0, 3.1.0, 3.0.1, 3.0.2
>            Reporter: Eric Yang
>            Assignee: Eric Yang
>            Priority: Blocker
>              Labels: Docker
>         Attachments: YARN-8207.001.patch, YARN-8207.002.patch, 
> YARN-8207.003.patch, YARN-8207.004.patch, YARN-8207.005.patch, 
> YARN-8207.006.patch, YARN-8207.007.patch, YARN-8207.008.patch, 
> YARN-8207.009.patch
>
>
> Container-executor code utilize a string buffer to construct docker run 
> command, and pass the string buffer to popen for execution.  Popen spawn a 
> shell to run the command.  Some arguments for docker run are still vulnerable 
> to shell expansion.  The possible solution is to convert from char * buffer 
> to string array for execv to avoid shell expansion.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org

Reply via email to