You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Lukas Loesche (JIRA)" <ji...@apache.org> on 2015/02/23 12:05:11 UTC

[jira] [Updated] (MESOS-2382) replace unsafe "find | xargs" with "find -exec"

     [ https://issues.apache.org/jira/browse/MESOS-2382?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lukas Loesche updated MESOS-2382:
---------------------------------
    Description: 
The problem exists in
 1194:src/Makefile.am
 47:src/tests/balloon_framework_test.sh

The current "find | xargs rm -rf" in the Makefile could potentially destroy data if mesos source was in a folder with a space in the name. E.g. if you for some reason checkout mesos to "/ mesos" the command in src/Makefile.am would turn into a rm -rf /

"find | xargs" should be NUL delimited with "find -print0 | xargs -0" for safer execution or can just be replaced with the find build-in option "find -exec '{}' \+" which behaves similar to xargs.

There was a second occurrence of this in a test script, though in that case it would only rmdir empty folders, so is less critical.

I submitted a PR here: https://github.com/apache/mesos/pull/36


  was:
The problem exists in
 1194:src/Makefile.am
 47:src/tests/balloon_framework_test.sh

The current "find | xargs rm -rf" in the Makefile could potentially destroy data if mesos source was in a folder with a space in the name. E.g. if you for some reason checkout mesos to "/ mesos" the command in src/Makefile.am would turn into a rm -rf /

"find | xargs" should be NUL delimited with "find -print0 | xargs -0" for safer execution or can just be replaced with the find build-in option "find -exec '{}' \\+" which behaves similar to xargs.

There was a second occurrence of this in a test script, though in that case it would only rmdir empty folders, so is less critical.

I submitted a PR here: https://github.com/apache/mesos/pull/36



> replace unsafe "find | xargs" with "find -exec"
> -----------------------------------------------
>
>                 Key: MESOS-2382
>                 URL: https://issues.apache.org/jira/browse/MESOS-2382
>             Project: Mesos
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 0.20.1
>            Reporter: Lukas Loesche
>              Labels: easyfix, patch
>
> The problem exists in
>  1194:src/Makefile.am
>  47:src/tests/balloon_framework_test.sh
> The current "find | xargs rm -rf" in the Makefile could potentially destroy data if mesos source was in a folder with a space in the name. E.g. if you for some reason checkout mesos to "/ mesos" the command in src/Makefile.am would turn into a rm -rf /
> "find | xargs" should be NUL delimited with "find -print0 | xargs -0" for safer execution or can just be replaced with the find build-in option "find -exec '{}' \+" which behaves similar to xargs.
> There was a second occurrence of this in a test script, though in that case it would only rmdir empty folders, so is less critical.
> I submitted a PR here: https://github.com/apache/mesos/pull/36



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)