[ https://issues.apache.org/jira/browse/MESOS-5388?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15286128#comment-15286128 ]
Guangya Liu commented on MESOS-5388:
------------------------------------

Yes, the {{docker volume isolator}} already filtered out the {{CommandInfo.commands}} as the {{commands}} in {{docker volume isolator}} is only for {{launchInfo}}

{code}
Future<Option<ContainerLaunchInfo>> DockerVolumeIsolatorProcess::_prepare(
    const ContainerID& containerId,
    const vector<string>& targets,
    const list<Future<string>>& futures)
{
  ContainerLaunchInfo launchInfo; // <<<<<<<<<
  launchInfo.set_namespaces(CLONE_NEWNS);

  vector<string> messages;
  vector<string> sources;

  foreach (const Future<string>& future, futures) {
    if (!future.isReady()) {
      messages.push_back(future.isFailed() ? future.failure() : "discarded");
      continue;
    }

    sources.push_back(strings::trim(future.get()));
  }

  if (!messages.empty()) {
    return Failure(strings::join("\n", messages));
  }

  CHECK_EQ(sources.size(), targets.size());

  for (size_t i = 0; i < sources.size(); i++) {
    const string& source = sources[i];
    const string& target = targets[i];

    LOG(INFO) << "Mounting docker volume mount point '" << source
              << "' to '" << target << "' for container " << containerId;

    const string command = "mount -n --rbind " + source + " " + target;

    launchInfo.add_commands()->set_value(command); // <<<<<<<<<
  }

  return launchInfo;
}
{code}

> MesosContainerizerLaunch flags execute arbitrary commands via shell
> -------------------------------------------------------------------
>
>                 Key: MESOS-5388
>                 URL: https://issues.apache.org/jira/browse/MESOS-5388
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: James DeFelice
>              Labels: mesosphere, security
>
> For example, the docker volume isolator's containerPath is appended (without
> sanitation) to a command that's executed in this manner. As such, it's
> possible to inject arbitrary shell commands to be executed by mesos.
> https://github.com/apache/mesos/blob/17260204c833c643adf3d8f36ad8a1a606ece809/src/slave/containerizer/mesos/launch.cpp#L206
> Perhaps instead of strings these commands could/should be sent as string
> arrays that could be passed as argv arguments w/o shell interpretation?