[ 
https://issues.apache.org/jira/browse/HADOOP-16167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16783958#comment-16783958
 ] 

Eric Yang commented on HADOOP-16167:
------------------------------------

The Hadoop shell script uses an indirection technique to evaluate and flatten 
strings for string manipulation.  This technique is discouraged with the 
discovery of the shellshock vulnerability, where a trailing string can trigger 
unintended execution.  In Hadoop's case, the evaluation is intended, but the 
technique is not recommended anymore due to its non-deterministic outcome.  
Most of the issues can be corrected by double quoting to prevent globbing and 
word splitting.  From briefly scanning through hadoop-functions.sh, there are 
a dozen functions that use indirection instead of double quotes to flatten 
strings.  The majority of them need to be changed to double quotes and/or 
brace brackets to avoid instability.

> "hadoop CLASSFILE" prints error messages on Ubuntu 18
> -----------------------------------------------------
>
>                 Key: HADOOP-16167
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16167
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: scripts
>    Affects Versions: 3.2.0
>            Reporter: Daniel Templeton
>            Priority: Major
>
> {noformat}
> # hadoop org.apache.hadoop.conf.Configuration
> /usr/lib/hadoop/bin/../lib/hadoop/libexec//hadoop-functions.sh: line 2366: 
> HADOOP_ORG.APACHE.HADOOP.CONF.CONFIGURATION_USER: bad substitution
> /usr/lib/hadoop/bin/../lib/hadoop/libexec//hadoop-functions.sh: line 2331: 
> HADOOP_ORG.APACHE.HADOOP.CONF.CONFIGURATION_USER: bad substitution
> /usr/lib/hadoop/bin/../lib/hadoop/libexec//hadoop-functions.sh: line 2426: 
> HADOOP_ORG.APACHE.HADOOP.CONF.CONFIGURATION_OPTS: bad substitution
> {noformat}
> The issue is a regression in bash 4.4.  See 
> [here|http://savannah.gnu.org/support/?109649].  The extraneous output can 
> break scripts that read the command output.
> According to [~aw]:
> {quote}Oh, I think I see the bug.  HADOOP_SUBCMD (and equivalents in yarn, 
> hdfs, etc) just needs some special handling when a custom method is being 
> called.  For example, there’s no point in checking to see if it should run 
> with privileges, so just skip over that.  Probably a few other places too.  
> Relatively easy fix.  2 lines of code, maybe.{quote}
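
The failure reported above, as an added example that is not part of the original message or of Hadoop's own code: a variable name derived from a class name contains dots, so it must be validated before any indirect expansion. The function names and the HADOOP_NAMENODE_USER sample value are assumptions, and the name-building rule is inferred from the error output; the lookup uses a guarded eval for POSIX portability, where bash could use ${!name} on the validated name.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not from hadoop-functions.sh).

# Succeed only if $1 is a legal shell variable name.
is_valid_var_name() {
  case "$1" in
    ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
  esac
  return 0
}

# Build HADOOP_<SUBCMD>_<SUFFIX>, upper-casing the subcommand as the
# error messages in the report suggest.
build_var_name() {
  printf 'HADOOP_%s_%s' \
    "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" "$2"
}

# Print the value of the variable named by $1.
# Returns 1 without expanding anything when the name is not a valid
# identifier, so no "bad substitution" text reaches the command output
# and no unexpected string is ever handed to eval.
lookup_indirect() {
  is_valid_var_name "$1" || return 1
  eval "printf '%s' \"\${$1-}\""
}

# Per-subcommand user setting; an invalid name is treated as "not set".
subcmd_user() {
  lookup_indirect "$(build_var_name "$1" USER)" || return 0
}

# Constructed sample setting for the demonstration.
HADOOP_NAMENODE_USER=hdfs

for subcmd in namenode org.apache.hadoop.conf.Configuration; do
  printf '%s -> user=[%s]\n' "$subcmd" "$(subcmd_user "$subcmd")"
done
```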


