hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Allen Wittenauer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13093) Discuss whether dfs -ls should escape control characters on terminal
Date Fri, 06 May 2016 18:42:12 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15274545#comment-15274545

Allen Wittenauer commented on HADOOP-13093:

*  HADOOP-13079 provides an option for users to use if they so chose.  
* It's pretty much impossible without limiting the character set that FileSystem, FileContext,
job names, and who knows what all to prevent non-printable characters from ever appearing
on the screen. This goes way beyond just HDFS.
* This is not a security issue with Apache Hadoop.  This is a security issue with certain
types of terminal emulation.  Even though this has been a known issue for decades, UNIX and
POSIX has not sought to require that implementations strip control characters from command
line utilities.
* GNU and some BSD implementations have limited ls and ONLY ls in certain contexts.  They
have NOT limited or even provided the capability to limit control characters from other programs
that print directory and file names.  (Keep in mind that ftpd traditionally used ls to read
content, thus it may have been possible to use ls as a malicious attack against a root process.)

> Discuss whether dfs -ls should escape control characters on terminal
> --------------------------------------------------------------------
>                 Key: HADOOP-13093
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13093
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs
>            Reporter: John Zhuge
>            Assignee: John Zhuge
> HADOOP-13079 adds option {{-q}} to {{dfs -ls}} to print non-printable characters as "?".
This jira will decide whether to make {{-q}} the default for {{dfs -ls}} on a terminal.
> This is a split of HADOOP-13079. The split gives us more time to debate the proper default
behavior and enables different target versions.
> To test whether STDOUT is connected to a terminal, I will use {{System.console() != null}},
fully aware its limitation. JNI {{isatty(3)}} is possible but too problematic as pointed out
by [~cmccabe].
> I will survey FsShell and hdfs commands and their proper expected default behaviors.
Thanks [~andrew.wang] for the suggestion. More jiras may follow.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message