[ https://issues.apache.org/jira/browse/CASSANDRA-16565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779818#comment-17779818 ]
Stefan Miklosovic commented on CASSANDRA-16565: ----------------------------------------------- Reading it from "/proc/$pid/limits" was kind of my idea ... we got there because the original solution was executing "bash -c ulimit -u" and I really think we should not do that. It is just too brittle to do it like that from Java. A lot of moving parts. Possible security issues. Because bash does not strictly has to be everywhere. What if there is just "sh"? And more importantly, check this: {code} [root@8e39a687b6c6 /]# sh --help GNU bash, version 4.2.46(2)-release-(x86_64-redhat-linux-gnu) Usage: sh [GNU long option] [option] ... sh [GNU long option] [option] script-file ... GNU long options: --debug --debugger --dump-po-strings --dump-strings --help --init-file --login --noediting --noprofile --norc --posix --protected --rcfile --rpm-requires --restricted --verbose --version Shell options: -irsD or -c command or -O shopt_option (invocation only) -abefhkmnptuvxBCHP or -o option {code} check this: {code} The --norc flag in a shell command, like sh, instructs the shell to start without reading the user's ~/.shrc (Bourne shell run commands) or ~/.bashrc (Bash run commands) configuration files. These configuration files often contain user-specific settings, aliases, environment variables, and customizations for the shell environment. {code} So if I have a bunch of custom functions in these files, doing god knows what, then it will be invoked along with "bash -c ulimit -u"? That is a security hole, isn't it? So we would need to put various arguments to that, and these arguments might vary across different shells, and there might be a lot of shells aliasing to sh each doing it differently etc etc. It is just easier to read a file and that's it. > Remove dependency on sigar > -------------------------- > > Key: CASSANDRA-16565 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16565 > Project: Cassandra > Issue Type: Improvement > Components: Build > Reporter: David Capwell > Assignee: Claude Warren > Priority: Normal > Fix For: 5.x > > > sigar is used to check if the environment has good settings for running C*, > but requires we bundle a lot of native libraries to perform this check (which > can also be done elsewhere). This project also appears to be dead as the > last commit was around 6 years ago. > With the move to resolve artifacts rather than commit them, removing this > dependency would remove majority of the artifacts fetched from GitHub. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org