[jira] [Commented] (MESOS-918) Allow safe input of commands with array-of-strings interface

Jason Dusek (JIRA) Thu, 16 Jan 2014 22:21:30 -0800

    [ 
https://issues.apache.org/jira/browse/MESOS-918?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13874487#comment-13874487
 ]


Jason Dusek commented on MESOS-918:
-----------------------------------

https://reviews.apache.org/r/15542/

> Allow safe input of commands with array-of-strings interface
> ------------------------------------------------------------
>
>                 Key: MESOS-918
>                 URL: https://issues.apache.org/jira/browse/MESOS-918
>             Project: Mesos
>          Issue Type: Improvement
>          Components: slave
>            Reporter: Jason Dusek
>            Priority: Minor
>              Labels: patch
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> The CommandInfo Protobuf allows specification of a command to run on the 
> slave; but at present that command is always subject to shell interpretation. 
> This makes safe handling of user input and programmatic generation of the 
> commands all but impossible.
> If an alternate interface were offered, where an `execvp()` like array of 
> arguments were accepted for specifying the command, then the old behaviour 
> could be easily recovered by passing:
>     [ "sh", "-c", ... ]
> and the new behaviour would allow for greater safety and predictability in 
> all other cases.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

[jira] [Commented] (MESOS-918) Allow safe input of commands with array-of-strings interface

Reply via email to