[ https://issues.apache.org/jira/browse/MESOS-6862?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Peach updated MESOS-6862:
-------------------------------
    Shepherd: Yan Xu

> Replace os::system usages to reduce the risk of command injection.
> ------------------------------------------------------------------
>
>                 Key: MESOS-6862
>                 URL: https://issues.apache.org/jira/browse/MESOS-6862
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: James Peach
>            Assignee: James Peach
>
> There are a number of places where {{os::system}} is used for convenience. To
> reduce the risk of command injection, we should replace most of these with
> {{subprocess}} or {{os::spawn}} and not execute them with the shell.
> | posix/chown.hpp | {{os::chown}} | Replace with fts(3). |
> | launcher/fetcher.cpp | {{extract()}} | Replace with {{subprocess}}. |
> | launcher/fetcher.cpp | {{copyFile}} | Replace with {{subprocess}}. |
> | linux/perf.cpp | {{valid()}} | Replace with {{subprocess}}. |
> | cni/cni.cpp | {{NetworkCniIsolatorSetup::execute()}} | Not a problem, but should use {{subprocess}} for consistency. |
> | -port_mapper/port_mapper.cpp- | -{{PortMapper::addPortMapping()}}- | -Replace with {{subprocess}}.- |
> | -port_mapper/port_mapper.cpp- | -{{PortMapper::delPortMapping()}}- | -Replace with {{subprocess}}.- |
> In the above table, read "replacement" as replacement with {{os::spawn}} or
> {{subprocess}} as appropriate.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
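
The difference the issue describes, shown as an added example that is not Mesos code: the same existence check run through the shell and then through an argv-based spawn. POSIX `posix_spawnp` stands in here for `os::spawn` / `subprocess`; the function names and the sample path are constructed for illustration.

```cpp
#include <spawn.h>
#include <sys/wait.h>
#include <cstdlib>
#include <string>
#include <vector>

extern char** environ;

// Shell-based check in the style the issue wants removed: the path is pasted
// into a command line that /bin/sh parses, so metacharacters in it are syntax.
int exists_via_shell(const std::string& path) {
  int status = std::system(("test -e " + path).c_str());
  return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

// Same check without a shell: each argv element reaches test(1) verbatim.
int exists_via_spawn(const std::string& path) {
  std::vector<std::string> args = {"test", "-e", path};
  std::vector<char*> argv;
  for (std::string& a : args) argv.push_back(&a[0]);
  argv.push_back(nullptr);

  pid_t pid;
  if (posix_spawnp(&pid, argv[0], nullptr, nullptr, argv.data(), environ) != 0)
    return -1;
  int status = 0;
  if (waitpid(pid, &status, 0) != pid) return -1;
  return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

// Constructed input: a path that does not exist, followed by shell syntax.
const std::string kUntrustedPath = "/nonexistent-mesos-example; exit 42";

int main() {
  // Shell: "; exit 42" runs as a second command, so the status is 42.
  // Spawn: the whole string is one file name, so test(1) reports 1 (absent).
  return (exists_via_shell(kUntrustedPath) == 42 &&
          exists_via_spawn(kUntrustedPath) == 1) ? 0 : 1;
}
```

The exit status of the shell variant is decided by the input string rather than by `test`, which is the property that makes `os::system` call sites with externally influenced arguments worth replacing.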