README.md: 30 additions & 0 deletions
@@ -729,6 +729,36 @@ information to disable it if so.
729
729
730
730
See [safeprefetch](src/main/site/safeprefetch.md)
731
731
732
+
## Command `tarhardened`
733
+
734
+
Verify the hadoop release has had its untar command hardened and will
735
+
not evaluate commands passed in as filenames.
736
+
737
+
```bash
738
+
bin/hadoop jar $CLOUDSTORE tarhardened "file.tar; true"
739
+
```
740
+
741
+
*Bad*
742
+
743
+
```
744
+
Attempting to untar file with name "file.tar; true"
745
+
untar operation reported success
746
+
747
+
2023-01-27 16:42:35,931 [main] INFO util.ExitUtil (ExitUtil.java:terminate(124)) - Exiting with status 0
748
+
```
749
+
750
+
Although the file doesn't exist, the bash "true" command was executed after the untar, so
751
+
the operation was reported as a success.
752
+
753
+
*Good*
754
+
755
+
```
756
+
2023-01-27 16:48:44,461 [main] INFO util.ExitUtil (ExitUtil.java:terminate(210)) - Exiting with status -1: ExitCodeException exitCode=1: tar: Error opening archive: Failed to open 'file.tar; true'
757
+
758
+
```
759
+
760
+
The file `file.tar; true` was attempted to be opened; as it is not present the operation failed.
761
+
Expect a stack trace in the report
732
762
## Command `tlsinfo`
733
763
734
764
Print out tls information. The `storediag` command prints the same information;
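Review bot: In the new `tarhardened` section the pass/fail convention is inverted relative to the exit status, and the text never says so: the sample under *Bad* ends in "Exiting with status 0" while the one under *Good* ends in "Exiting with status -1". Anyone wrapping this command in a script or CI step will read a non-zero exit as the check failing. Suggest stating directly under each label what the status means, for example that a status of 0 means the release evaluated the text after the `;` and is not hardened, and that status -1 with the `Failed to open 'file.tar; true'` message is the expected result on a hardened release. The closing line "Expect a stack trace in the report" should be attached to the *Good* case explicitly and end with a period. Minor: "was attempted to be opened" reads awkwardly ("tar attempted to open the file" is clearer), the *Good* output fence carries a stray blank line before the closing fence, and the two output fences have no language tag while the command fence uses `bash`.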