Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-7041

Default CommandInfo usage to not use the shell.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • security
    • None

    Description

      One of the usage patterns of CommandInfo is to carry commands from isolators to launchers. The default (and easiest) way to use this is launchInfo.add_pre_exec_commands()->set_value(...), which invokes the shell. To reduce the risk of shell injection attacks all isolators should default to not using the shell, which implies that this should be the easiest/default usage pattern.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. MESOS-6862 Replace os::system usages to reduce the risk of command injection.

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              jamespeach James Peach
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: