Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-6953

A compromised mesos-master node can execute code as root on agents.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.3.0
    • Component/s: security
    • Labels:

      Description

      mesos-master has a `--[no-]root_submissions` flag that controls whether frameworks with `root` user are admitted to the cluster.

      However, if a mesos-master node is compromised, it can attempt to schedule tasks on agent as the `root` user. Since mesos-agent has no check against tasks running on the agent for specific users, tasks can get run with `root` privileges can get run within the container on the agent.

        Attachments

          Activity

            People

            • Assignee:
              anindya.sinha Anindya Sinha
              Reporter:
              anindya.sinha Anindya Sinha
              Shepherd:
              Yan Xu
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: