Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.0.0, 3.1.0, 3.0.1, 3.0.2
    • Fix Version/s: 3.2.0, 3.1.1
    • Component/s: yarn-native-services
    • Hadoop Flags:
      Reviewed

      Description

      Container-executor code utilizes a string buffer to construct the docker run command, and passes the string buffer to popen for execution. Popen spawns a shell to run the command. Some arguments for docker run are still vulnerable to shell expansion. The possible solution is to convert from a char * buffer to a string array for execv to avoid shell expansion.

        Attachments

        1. YARN-8207.001.patch
          128 kB
          Eric Yang
        2. YARN-8207.002.patch
          128 kB
          Eric Yang
        3. YARN-8207.003.patch
          126 kB
          Eric Yang
        4. YARN-8207.004.patch
          125 kB
          Eric Yang
        5. YARN-8207.005.patch
          125 kB
          Eric Yang
        6. YARN-8207.006.patch
          125 kB
          Eric Yang
        7. YARN-8207.007.patch
          126 kB
          Eric Yang
        8. YARN-8207.008.patch
          126 kB
          Eric Yang
        9. YARN-8207.009.patch
          127 kB
          Eric Yang
        10. YARN-8207.010.patch
          127 kB
          Eric Yang


              People

              • Assignee:
                eyang Eric Yang
                Reporter:
                eyang Eric Yang
              • Votes:
                0
                Watchers:
                8
