[jira] [Commented] (MESOS-5388) MesosContainerizerLaunch flags execute arbitrary commands via shell

Mon, 16 May 2016 23:37:21 -0700 

    [ 
https://issues.apache.org/jira/browse/MESOS-5388?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15286128#comment-15286128
 ] 

Guangya Liu commented on MESOS-5388:
------------------------------------

Yes, the {{docker volume isolator}} already filtered out the 
{{CommandInfo.commands}} as the {{commands}} in {{docker volume isolator}} is 
only for {{launchInfo}}

{code}
Future<Option<ContainerLaunchInfo>> DockerVolumeIsolatorProcess::_prepare(
    const ContainerID& containerId,
    const vector<string>& targets,
    const list<Future<string>>& futures)
{
  ContainerLaunchInfo launchInfo;  <<<<<<<<<
  launchInfo.set_namespaces(CLONE_NEWNS);

  vector<string> messages;
  vector<string> sources;
  foreach (const Future<string>& future, futures) {
    if (!future.isReady()) {
      messages.push_back(future.isFailed() ? future.failure() : "discarded");
      continue;
    }

    sources.push_back(strings::trim(future.get()));
  }

  if (!messages.empty()) {
    return Failure(strings::join("\n", messages));
  }

  CHECK_EQ(sources.size(), targets.size());

  for (size_t i = 0; i < sources.size(); i++) {
    const string& source = sources[i];
    const string& target = targets[i];

    LOG(INFO) << "Mounting docker volume mount point '" << source
              << "' to '" << target  << "' for container " << containerId;

    const string command = "mount -n --rbind " + source + " " + target;

    launchInfo.add_commands()->set_value(command); <<<<<<<<<
  }

  return launchInfo;
}
{code}

> MesosContainerizerLaunch flags execute arbitrary commands via shell
> -------------------------------------------------------------------
>
>                 Key: MESOS-5388
>                 URL: https://issues.apache.org/jira/browse/MESOS-5388
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: James DeFelice
>              Labels: mesosphere, security
>
> For example, the docker volume isolator's containerPath is appended (without 
> sanitation) to a command that's executed in this manner. As such, it's 
> possible to inject arbitrary shell commands to be executed by mesos.
> https://github.com/apache/mesos/blob/17260204c833c643adf3d8f36ad8a1a606ece809/src/slave/containerizer/mesos/launch.cpp#L206
> Perhaps instead of strings these commands could/should be sent as string 
> arrays that could be passed as argv arguments w/o shell interpretation?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to