Re: Review Request 50214: Supported non-shell command in MesosLaunch to avoid arbitrary commands.

Gilbert Song Mon, 25 Jul 2016 20:19:38 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/50214/
-----------------------------------------------------------


(Updated July 25, 2016, 8:19 p.m.)


Review request for mesos, Artem Harutyunyan, Jie Yu, and Timothy Chen.


Bugs: MESOS-5388
    https://issues.apache.org/jira/browse/MESOS-5388


Repository: mesos


Description
-------

Currently all pre_exec_commands are executed as shell commands
in Mesos Launch. It is not safe because arbitrary shell command
may be included in some user facing api (e.g., container_path).
We should execute those command as a subprocess to prevent
arbitrary shell command injection.


Diffs (updated)
-----

  src/slave/containerizer/mesos/launch.cpp 
51f0c110ff0c414837fd69db81047979a0093388 

Diff: https://reviews.apache.org/r/50214/diff/


Testing
-------

make check

sudo ./bin/mesos-tests.sh


Thanks,

Gilbert Song

Re: Review Request 50214: Supported non-shell command in MesosLaunch to avoid arbitrary commands.

Reply via email to