Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-7363

Improver master robustness against duplicate UPIDs

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.3.0
    • Component/s: master
    • Labels:
      None

      Description

      It is possible for a malicious client to send libprocess SUBSCRIBE requests that will trigger the !frameworks.principals.contains(...) CHECK. This can happen if the client sends a subscribe with a framework ID, then a second subscribe with a different framework ID but the same UPID. The invariant in the master is that a UPID uniquely identifies a given framework. This is violated if we allow multiple frameworks with the same UPID.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                jamespeach James Peach
                Reporter:
                jamespeach James Peach
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: