Mesos / MESOS-6862

Replace os::system usages to reduce the risk of command injection.


Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.2.0
    • None
    • None

    Description

      There are a number of places where os::system is used for convenience. To reduce the risk of command injection, we should replace most of these with subprocess or os::spawn and not execute them with the shell.

      posix/chown.hpp              os::chown                          Replace with fts(3).
      launcher/fetcher.cpp         extract()                          Replace with subprocess.
      launcher/fetcher.cpp         copyFile                           Replace with subprocess.
      linux/perf.cpp               valid()                            Replace with subprocess.
      cni/cni.cpp                  NetworkCniIsolatorSetup::execute() Not a problem, but should use subprocess for consistency.
      port_mapper/port_mapper.cpp  PortMapper::addPortMapping()       Replace with subprocess.
      port_mapper/port_mapper.cpp  PortMapper::delPortMapping()       Replace with subprocess.

      In the above table, read "replacement" as replacement with os::spawn or subprocess as appropriate.
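
The difference the description relies on, as an added example that is not part of the issue or of the Mesos code base: the same constructed, harmless argument is run once through the shell and once as a plain argv entry. It calls posix_spawnp directly rather than Mesos's subprocess or os::spawn, and the names runWithShell and runWithoutShell are hypothetical.

```cpp
#include <spawn.h>
#include <sys/wait.h>
#include <cstdlib>
#include <iostream>
#include <string>
#include <vector>

extern char** environ;

// Added example; these helpers are hypothetical and are not Mesos APIs.
// Decode a wait(2)-style status into an exit code, or -1 on abnormal exit.
static int exitCode(int status)
{
  return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

// Shell-based pattern: the argument is pasted into a string that /bin/sh
// parses, so metacharacters in `arg` become shell syntax.
int runWithShell(const std::string& program, const std::string& arg)
{
  return exitCode(std::system((program + " " + arg).c_str()));
}

// Shell-free pattern: each argument is one argv entry and is never parsed.
int runWithoutShell(
    const std::string& program, const std::vector<std::string>& args)
{
  std::vector<char*> argv{const_cast<char*>(program.c_str())};
  for (const std::string& a : args) {
    argv.push_back(const_cast<char*>(a.c_str()));
  }
  argv.push_back(nullptr);

  pid_t pid;
  if (posix_spawnp(
          &pid, program.c_str(), nullptr, nullptr, argv.data(), environ) != 0) {
    return -1;
  }
  int status = 0;
  if (waitpid(pid, &status, 0) != pid) {
    return -1;
  }
  return exitCode(status);
}

int main()
{
  const std::string name = "archive.tar; exit 7"; // Constructed sample input.
  std::cout << "shell:    " << runWithShell("true", name) << "\n";
  std::cout << "no shell: " << runWithoutShell("true", {name}) << "\n";
}
```

With the shell, the text after the semicolon runs as a second command and sets the exit status; without it, true receives the whole string as a single argument and exits normally.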

            People

              jamespeach James Peach
              jamespeach James Peach
              Yan Xu Yan Xu