You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mesos.apache.org by "Benjamin Hindman (JIRA)" <ji...@apache.org> on 2014/01/17 17:58:20 UTC

[jira] [Updated] (MESOS-918) Allow safe input of commands with array-of-strings interface

     [ https://issues.apache.org/jira/browse/MESOS-918?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benjamin Hindman updated MESOS-918:
-----------------------------------

    Assignee: Benjamin Mahler

> Allow safe input of commands with array-of-strings interface
> ------------------------------------------------------------
>
>                 Key: MESOS-918
>                 URL: https://issues.apache.org/jira/browse/MESOS-918
>             Project: Mesos
>          Issue Type: Improvement
>          Components: slave
>            Reporter: Jason Dusek
>            Assignee: Benjamin Mahler
>            Priority: Minor
>              Labels: patch
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> The CommandInfo Protobuf allows specification of a command to run on the slave; but at present that command is always subject to shell interpretation. This makes safe handling of user input and programmatic generation of the commands all but impossible.
> If an alternate interface were offered, where an `execvp()` like array of arguments were accepted for specifying the command, then the old behaviour could be easily recovered by passing:
>     [ "sh", "-c", ... ]
> and the new behaviour would allow for greater safety and predictability in all other cases.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)