[YARN-8207] Docker container launch use popen have risk of shell expansion - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 3.0.0, 3.1.0, 3.0.1, 3.0.2
Fix Version/s: 3.2.0, 3.1.1
Component/s: yarn-native-services
Labels:
- Docker

Target Version/s:

3.2.0, 3.1.1
Hadoop Flags:

Reviewed

Description

Container-executor code utilize a string buffer to construct docker run command, and pass the string buffer to popen for execution. Popen spawn a shell to run the command. Some arguments for docker run are still vulnerable to shell expansion. The possible solution is to convert from char * buffer to string array for execv to avoid shell expansion.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YARN-8207.001.patch
26/Apr/18 01:28
128 kB
Eric Yang
YARN-8207.002.patch
30/Apr/18 22:21
128 kB
Eric Yang
YARN-8207.003.patch
01/May/18 18:46
126 kB
Eric Yang
YARN-8207.004.patch
01/May/18 22:48
125 kB
Eric Yang
YARN-8207.005.patch
01/May/18 23:26
125 kB
Eric Yang
YARN-8207.006.patch
05/May/18 19:39
125 kB
Eric Yang
YARN-8207.007.patch
07/May/18 15:45
126 kB
Eric Yang
YARN-8207.008.patch
08/May/18 01:10
126 kB
Eric Yang
YARN-8207.009.patch
08/May/18 17:31
127 kB
Eric Yang
YARN-8207.010.patch
08/May/18 18:05
127 kB
Eric Yang

Issue Links

breaks

YARN-8274 Docker command error during container relaunch

Resolved

is depended upon by

YARN-7654 Support ENTRY_POINT for docker container

Resolved

Activity

People

Assignee:: Eric Yang

Reporter:: Eric Yang

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 25/Apr/18 23:35

Updated:: 11/May/18 16:35

Resolved:: 08/May/18 20:47