[
https://issues.apache.org/jira/browse/YARN-8777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16620751#comment-16620751
]
Eric Badger commented on YARN-8777:
-----------------------------------
bq. The enum approach can be used for fixed number of parameters or a small set
of parameters. It is probably not an ideal interface to pass arbitrary commands
to container-executor for docker exec. One possible danger is sending hex code
as argv to trigger buffer overflow in container-executor or docker, where there
is no logic to validate the arbitrary command.
I don't see how the attack surface is any different with bash vs arbitrary
commands. Opening up a bash session allows the user to then execute whatever
commands they want to anyway. Am I missing something here?
> Container Executor C binary change to execute interactive docker command
> ------------------------------------------------------------------------
>
> Key: YARN-8777
> URL: https://issues.apache.org/jira/browse/YARN-8777
> Project: Hadoop YARN
> Issue Type: Sub-task
> Reporter: Zian Chen
> Assignee: Eric Yang
> Priority: Major
> Labels: Docker
> Attachments: YARN-8777.001.patch
>
>
> Since Container Executor provides Container execution using the native
> container-executor binary, we also need to make changes to accept new
> “dockerExec” method to invoke the corresponding native function to execute
> docker exec command to the running container.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
