You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Kevin Klues (JIRA)" <ji...@apache.org> on 2016/09/23 02:03:20 UTC

[jira] [Created] (MESOS-6235) Add 'argv' variant of 'os::system'

Kevin Klues created MESOS-6235:
----------------------------------

             Summary: Add 'argv' variant of 'os::system'
                 Key: MESOS-6235
                 URL: https://issues.apache.org/jira/browse/MESOS-6235
             Project: Mesos
          Issue Type: Task
            Reporter: Kevin Klues
             Fix For: 1.0.2


The {{os::system()}} function always spawns whatever string you pass to is a a direct argument to {{sh -c '<arg_string>'}}. However, this can be problematic if you build {{<arg_string>}} from user supplied input and they have the opportunity to inject arbitrary commands at the end of it (e.g. by adding a "; rm -rf" as part of the last user supplied argument).

To counter this, we should introduce a variant of {{os::system()}} that takes a single command and a list of args (similar to the {{posix_spawn()}} function.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)