[
https://issues.apache.org/jira/browse/YARN-8207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16467673#comment-16467673
]
Eric Yang commented on YARN-8207:
---------------------------------
[~jlowe]
{quote}At a bare minimum there should be a utility method, e.g:
extract_execv_args(args* args){quote}
I agree to this point, and will do this.
{quote}Please create an init function, e.g.: init_args(args* args), or a macro
to encapsulate initialization of the structure.{quote}
Init_args is only assigning 0 to length. I prefer to write it as:
{code}
struct args buffer = { 0 };
{code}
Instead of:
{code}
struct args *buffer = malloc(sizeof(args));
init_args(buffer);
{code}
I understand the desire and obsession for code perfection, but I am trying to
restrain myself from making more mess in crunch time.
{quote}As add_to_args works today, the lack of a NULL check on the make_string
result will cause the program to crash. {quote}
Sorry, I thought I had a null check, but it was changed to length check. This
will be fixed.
{quote}would be safer and easier to understand written with strdup/strndup,
e.g.:
{code}
dst = strndup(values[i], tmp_ptr - values[i]);
pattern = strdup(permitted_values[j] + 6);
{code}
{quote}
This will be optimized.
{quote}make_string is still not checking for vsnprintf failure. If the first
vsnprintf fails and returns -1, the code will allocate a 0-byte buffer.{quote}
No, it doesn't malloc(-1) will return null instead of 0 bytes, the second check
will not succeed.
> Docker container launch use popen have risk of shell expansion
> --------------------------------------------------------------
>
> Key: YARN-8207
> URL: https://issues.apache.org/jira/browse/YARN-8207
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: yarn-native-services
> Affects Versions: 3.0.0, 3.1.0, 3.0.1, 3.0.2
> Reporter: Eric Yang
> Assignee: Eric Yang
> Priority: Blocker
> Labels: Docker
> Attachments: YARN-8207.001.patch, YARN-8207.002.patch,
> YARN-8207.003.patch, YARN-8207.004.patch, YARN-8207.005.patch,
> YARN-8207.006.patch, YARN-8207.007.patch, YARN-8207.008.patch
>
>
> Container-executor code utilize a string buffer to construct docker run
> command, and pass the string buffer to popen for execution. Popen spawn a
> shell to run the command. Some arguments for docker run are still vulnerable
> to shell expansion. The possible solution is to convert from char * buffer
> to string array for execv to avoid shell expansion.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
