[ https://issues.apache.org/jira/browse/YARN-8777?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16620751#comment-16620751 ]
Eric Badger commented on YARN-8777: ----------------------------------- bq. The enum approach can be used for fixed number of parameters or a small set of parameters. It is probably not an ideal interface to pass arbitrary commands to container-executor for docker exec. One possible danger is sending hex code as argv to trigger buffer overflow in container-executor or docker, where there is no logic to validate the arbitrary command. I don't see how the attack surface is any different with bash vs arbitrary commands. Opening up a bash session allows the user to then execute whatever commands they want to anyway. Am I missing something here? > Container Executor C binary change to execute interactive docker command > ------------------------------------------------------------------------ > > Key: YARN-8777 > URL: https://issues.apache.org/jira/browse/YARN-8777 > Project: Hadoop YARN > Issue Type: Sub-task > Reporter: Zian Chen > Assignee: Eric Yang > Priority: Major > Labels: Docker > Attachments: YARN-8777.001.patch > > > Since Container Executor provides Container execution using the native > container-executor binary, we also need to make changes to accept new > “dockerExec” method to invoke the corresponding native function to execute > docker exec command to the running container. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org