James Peach created MESOS-7041: ---------------------------------- Summary: Default CommandInfo usage to not use the shell. Key: MESOS-7041 URL: https://issues.apache.org/jira/browse/MESOS-7041 Project: Mesos Issue Type: Bug Components: security Reporter: James Peach
One of the usage patterns of {{CommandInfo}} is to carry commands from isolators to launchers. The default (and easiest) way to use this is {{launchInfo.add_pre_exec_commands()->set_value(...)}}, which invokes the shell. To reduce the risk of shell injection attacks all isolators should default to not using the shell, which implies that this should be the easiest/default usage pattern. -- This message was sent by Atlassian JIRA (v6.3.15#6346)