Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-7292

Introduce a "sensitive mode" in Mesos which prevents leaks of sensitive data.

    XMLWordPrintableJSON

Details

    Description

      Consider a following scenario. A user passes some sensitive data in an environment variable to a task. These data may be logged by Mesos components, e.g., executor as part of mesos-containerizer invocation. While this is useful for debugging, this might be an issue in some production environments.

      One of the solution is to have global "sensitive mode", that turns off logging of such sensitive data.

      Attachments

        Issue Links

          is related to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. MESOS-7421 Generally avoid leaking possibly sensitive data to logs.

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. MESOS-8413 Zookeeper configuration passwords are shown in clear text

          • Major - Major loss of function.
          • Resolved
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. MESOS-8229 Make it possible to reliably inject environment variables into forked processes

          • Major - Major loss of function.
          • Open
          links to

          Web Link How Marathon handles ENV Variable security

          Web Link Mesos containerizer displays sensitive data via env variable in stdout

          Activity

            People

              Unassigned Unassigned
              alexr Alex R
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated: