Description
It is possible for a malicious client to send libprocess SUBSCRIBE requests that will trigger the !frameworks.principals.contains(...) CHECK. This can happen if the client sends a subscribe with a framework ID, then a second subscribe with a different framework ID but the same UPID. The invariant in the master is that a UPID uniquely identifies a given framework. This is violated if we allow multiple frameworks with the same UPID.
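The invariant described above, as an added C++ example that is not Mesos code: a hypothetical `FrameworkRegistry` keeps UPIDs and framework IDs one-to-one and answers a conflicting subscribe with an error instead of asserting. The class, the enum, and the modelling of a UPID as a plain string are assumptions made for illustration.

```cpp
#include <cstddef>
#include <map>
#include <string>

// Hypothetical model of the master's bookkeeping, not Mesos code.
// A UPID is modelled as a plain "id@ip:port" string (assumption).
enum class SubscribeResult { Registered, Resubscribed, RejectedPidInUse };

class FrameworkRegistry {
 public:
  // Validates the request before touching any state, so a conflicting
  // subscribe gets an error reply rather than tripping an assertion
  // on client-controlled input.
  SubscribeResult subscribe(const std::string& frameworkId,
                            const std::string& upid) {
    auto owner = pidToFramework_.find(upid);
    if (owner != pidToFramework_.end() && owner->second != frameworkId) {
      // Same UPID, different framework ID: the case from the description.
      return SubscribeResult::RejectedPidInUse;
    }

    auto existing = frameworkToPid_.find(frameworkId);
    if (existing != frameworkToPid_.end()) {
      // Known framework subscribing again, possibly from a new UPID:
      // release the old UPID so both maps stay one-to-one.
      pidToFramework_.erase(existing->second);
      existing->second = upid;
      pidToFramework_[upid] = frameworkId;
      return SubscribeResult::Resubscribed;
    }

    frameworkToPid_[frameworkId] = upid;
    pidToFramework_[upid] = frameworkId;
    return SubscribeResult::Registered;
  }

  // Number of frameworks currently tracked.
  std::size_t frameworks() const { return frameworkToPid_.size(); }

 private:
  std::map<std::string, std::string> frameworkToPid_;  // framework ID -> UPID
  std::map<std::string, std::string> pidToFramework_;  // UPID -> framework ID
};
```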
Issue Links
- relates to MESOS-7401 Optionally reject messages when UPIDs does not match IP. (Resolved)