[ 
https://issues.apache.org/jira/browse/YARN-5621?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15477967#comment-15477967
 ] 

Allen Wittenauer commented on YARN-5621:
----------------------------------------

Actually, that reminds me.... where *is* the input validation here? Every time 
we use bash, we're opening the door to all sorts of fun metacharacter issues.

Is it possible for a user to try to get a symlink for:

{code}
1\\;rm -rf /
1"\\;rm -rf /
1\\\;;;;;;rm -rf /
1\\;;*;rm -rf /
{code}

...
etc.

FWIW, I'd love to see us drop the container launch script.  I haven't tried it, 
but I suspect we can do lots of fun things with the env vars.  Especially if it 
is using execlp instead of execl.  Just because we wrap stuff in quotes doesn't 
mean that code is magically safe. (and because set -e, pipefail, etc aren't set 
in that launch script, it just makes it a bigger/easier target.)

> Support LinuxContainerExecutor to create symlinks for continuously localized 
> resources
> --------------------------------------------------------------------------------------
>
>                 Key: YARN-5621
>                 URL: https://issues.apache.org/jira/browse/YARN-5621
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Jian He
>            Assignee: Jian He
>         Attachments: YARN-5621.1.patch, YARN-5621.2.patch, YARN-5621.3.patch
>
>
> When new resources are localized, new symlink needs to be created for the 
> localized resource. This is the change for the LinuxContainerExecutor to 
> create the symlinks.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
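
The validation the comment asks about, sketched as an added example that is not part of the original message or of the YARN code base: the link name is checked against an allowlist and the symlink is created with `symlinkat(2)`, so no shell ever parses the name. The function names and the allowlist policy (one path component of `[A-Za-z0-9._-]`, absolute target) are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical policy: a link name is a single path component made of
 * [A-Za-z0-9._-], at most 255 bytes, and not "." or "..". */
int link_name_is_safe(const char *name) {
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    size_t len;
    if (name == NULL) return 0;
    len = strlen(name);
    if (len == 0 || len > 255) return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return 0;
    /* strspn counts the leading run of allowed bytes; anything shorter than
     * the full length means a metacharacter, slash, space or control byte. */
    return strspn(name, allowed) == len;
}

/* Create the link relative to an already-opened container work directory.
 * No shell is involved, so the name is never interpreted as a command.
 * Returns 0 on success, -1 with errno set on failure. */
int create_link_no_shell(int workdir_fd, const char *target, const char *name) {
    if (!link_name_is_safe(name) || target == NULL || target[0] != '/') {
        errno = EINVAL;
        return -1;
    }
    return symlinkat(target, workdir_fd, name);
}

/* Constructed sample input: the four names quoted in the comment above. */
static const char *const sample_names[] = {
    "1\\\\;rm -rf /", "1\"\\\\;rm -rf /",
    "1\\\\\\;;;;;;rm -rf /", "1\\\\;;*;rm -rf /",
};

int count_rejected_samples(void) {
    int rejected = 0;
    for (size_t i = 0; i < sizeof sample_names / sizeof sample_names[0]; i++)
        rejected += !link_name_is_safe(sample_names[i]);
    return rejected;
}

int main(void) { return count_rejected_samples() == 4 ? 0 : 1; }
```

Rejecting by allowlist rather than stripping or escaping metacharacters means the check does not depend on how any later shell would quote the value.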
