You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Diana Arroyo (JIRA)" <ji...@apache.org> on 2015/08/31 16:34:46 UTC

[jira] [Commented] (MESOS-2382) replace unsafe "find | xargs" with "find -exec"

    [ https://issues.apache.org/jira/browse/MESOS-2382?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14723477#comment-14723477 ] 

Diana Arroyo commented on MESOS-2382:
-------------------------------------

I did some analysis/testing on this ticket and found the following clarification:

The 'find' ('find python -name "build"...') command in the src/Makefile.am limits the problem described above to relative paths under the 'python' sub-directory ('mesos/build/src/python') with a space in the name since the results of the find command list relative path names not absolute path names.  I did test and verify that any sub-directory under 'mesos/build/src/python' with a space in the name would incur the problem but it should be noted that the naming of those sub-directories are controlled by the community (note: to test this problem I had to manually create a sub-directory with a space in the name under 'mesos/build/src/python' since the Mesos git repo does not have such an occurrence).  

I did verify the problem did not occur with a sub-directory with a space in the name higher in the path.  To accomplish this I did a 'make clean-python' in the 'src' directory with the following absolute path name to verify the problem did not occur: '/root/my mesos/mesos/build/src'.  Note: the testing was done in an ubuntu 14.04 system.

While my findings do limit the exposure to this problem it should be corrected to avoid unintended problems in the future with sub-directories under ''mesos/build/src/python'.   Any additional comments would be appreciated.  

> replace unsafe "find | xargs" with "find -exec"
> -----------------------------------------------
>
>                 Key: MESOS-2382
>                 URL: https://issues.apache.org/jira/browse/MESOS-2382
>             Project: Mesos
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 0.20.1
>            Reporter: Lukas Loesche
>            Assignee: Diana Arroyo
>              Labels: easyfix, patch
>
> The problem exists in
>  1194:src/Makefile.am
>  47:src/tests/balloon_framework_test.sh
> The current "find | xargs rm -rf" in the Makefile could potentially destroy data if mesos source was in a folder with a space in the name. E.g. if you for some reason checkout mesos to "/ mesos" the command in src/Makefile.am would turn into a rm -rf /
> "find | xargs" should be NUL delimited with "find -print0 | xargs -0" for safer execution or can just be replaced with the find build-in option "find -exec '{}' \+" which behaves similar to xargs.
> There was a second occurrence of this in a test script, though in that case it would only rmdir empty folders, so is less critical.
> I submitted a PR here: https://github.com/apache/mesos/pull/36



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)