James Peach created MESOS-7041:
----------------------------------
Summary: Default CommandInfo usage to not use the shell.
Key: MESOS-7041
URL: https://issues.apache.org/jira/browse/MESOS-7041
Project: Mesos
Issue Type: Bug
Components: security
Reporter: James Peach
One of the usage patterns of {{CommandInfo}} is to carry commands from
isolators to launchers. The default (and easiest) way to use this is
{{launchInfo.add_pre_exec_commands()->set_value(...)}}, which invokes the
shell. To reduce the risk of shell injection attacks all isolators should
default to not using the shell, which implies that this should be the
easiest/default usage pattern.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
