Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-6866

Mesos agent not checking IDs before using them as part of the paths

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.2.0
    • security
    • None

    Description

      Various IDs are used in Mesos, some assigned by the master (AgentID, FrameworkID, etc) and some created by the frameworks (TaskID, ExecutorID etc).

      The master does sufficient validation on the IDs supplied by the frameworks and the agent currently just trusts that the IDs are valid because they have been validated.

      The problem is that currently any entity can spoof as the master to inject certain actions on the agent which can be executed as "root" and inflict harm on the system. The "right" long term fix is of course to prevent this from happening but as a short-term defensive measure we can insert some hard CHECKs on the validity of the IDs in the agent code paths.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. MESOS-6862 Replace os::system usages to reduce the risk of command injection.

          • Major - Major loss of function.
          • Resolved

          Task - A task that needs to be done. MESOS-7086 Tighten up rules on IDs used in Mesos

          • Major - Major loss of function.
          • Open

          Activity

            People

              xujyan Yan Xu
              xujyan Yan Xu
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: