You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Gilbert Song (JIRA)" <ji...@apache.org> on 2016/05/16 20:19:13 UTC

[jira] [Commented] (MESOS-5388) MesosContainerizerLaunch flags execute arbitrary commands via shell

    [ https://issues.apache.org/jira/browse/MESOS-5388?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15285218#comment-15285218 ] 

Gilbert Song commented on MESOS-5388:
-------------------------------------

[~jdef]thanks for reporting the issue.

To better understand, is this issue referring that any arbitrary commands may be included in `container_path`? which make it dangerous since we will run a shell command including that `contianer_path`.

First, we should do more on users, and we have MESOS-4936 to support container capabilities.

Second, container_path should not be regarded as totally without sanitation (we should do more though), because in docker volume isolator prepare() we will `mkdir` for the container_path:
https://github.com/apache/mesos/blame/bd9d208972dbfae4e0d15b053b754de3e02a763e/src/slave/containerizer/mesos/isolators/docker/volume/isolator.cpp#L375~#L380
which will cause a failure in prepare() before we set CommandInof.commands, so many dangerous commands attached with the container_path should be filtered out.

> MesosContainerizerLaunch flags execute arbitrary commands via shell
> -------------------------------------------------------------------
>
>                 Key: MESOS-5388
>                 URL: https://issues.apache.org/jira/browse/MESOS-5388
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: James DeFelice
>              Labels: mesosphere, security
>
> For example, the docker volume isolator's containerPath is appended (without sanitation) to a command that's executed in this manner. As such, it's possible to inject arbitrary shell commands to be executed by mesos.
> https://github.com/apache/mesos/blob/17260204c833c643adf3d8f36ad8a1a606ece809/src/slave/containerizer/mesos/launch.cpp#L206
> Perhaps instead of strings these commands could/should be sent as string arrays that could be passed as argv arguments w/o shell interpretation?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)