Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Core] Avoid base64 to prevent malware detection software misclassifying the commands #3589

Merged
merged 1 commit into from
May 26, 2024
Merged

[Core] Avoid base64 to prevent malware detection software misclassifying the commands #3589

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 9 additions & 13 deletions sky/backends/cloud_vm_ray_backend.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
"""Backend: runs on cloud virtual machines, managed by Ray."""
import base64
import copy
import enum
import functools
Expand All @@ -10,6 +9,7 @@
import os
import pathlib
import re
import shlex
import signal
import subprocess
import sys
Expand Down Expand Up @@ -141,9 +141,9 @@
# https://github.com/torvalds/linux/blob/master/include/uapi/linux/binfmts.h
#
# If a user have very long run or setup commands, the generated command may
# exceed the limit, as we encode the script in base64 and directly include it in
# the job submission command. If the command is too long, we instead write it to
# a file, rsync and execute it.
# exceed the limit, as we directly include scripts in job submission commands.
# If the command is too long, we instead write it to a file, rsync and execute
# it.
#
# We use 120KB as a threshold to be safe for other arguments that
# might be added during ssh.
Expand Down Expand Up @@ -3149,8 +3149,7 @@ def _setup_node(node_id: int) -> None:
runner = runners[node_id]
setup_script = log_lib.make_task_bash_script(setup,
env_vars=setup_envs)
encoded_script = base64.b64encode(
setup_script.encode('utf-8')).decode('utf-8')
encoded_script = shlex.quote(setup_script)
if (detach_setup or
len(encoded_script) > _MAX_INLINE_SCRIPT_LENGTH):
with tempfile.NamedTemporaryFile('w', prefix='sky_setup_') as f:
Expand All @@ -3163,9 +3162,8 @@ def _setup_node(node_id: int) -> None:
stream_logs=False)
create_script_code = 'true'
else:
create_script_code = (
f'{{ echo "{encoded_script}" | base64 --decode > '
f'{remote_setup_file_name}; }}')
create_script_code = (f'{{ echo {encoded_script} > '
f'{remote_setup_file_name}; }}')

if detach_setup:
return
Expand Down Expand Up @@ -3246,10 +3244,8 @@ def _exec_code_on_head(

mkdir_code = (f'{cd} && mkdir -p {remote_log_dir} && '
f'touch {remote_log_path}')
encoded_script = base64.b64encode(
codegen.encode('utf-8')).decode('utf-8')
create_script_code = (f'{{ echo "{encoded_script}" | base64 --decode > '
f'{script_path}; }}')
encoded_script = shlex.quote(codegen)
create_script_code = (f'{{ echo {encoded_script} > {script_path}; }}')
job_submit_cmd = (
f'RAY_DASHBOARD_PORT=$({constants.SKY_PYTHON_CMD} -c "from sky.skylet import job_lib; print(job_lib.get_job_submission_port())" 2> /dev/null || echo 8265);' # pylint: disable=line-too-long
f'{cd} && {constants.SKY_RAY_CMD} job submit '
Expand Down
Loading