Uploaded image for project: 'Mesos'
  1. Mesos
  2. MESOS-9638

Mesos masters do not authenticate with agents.

    XMLWordPrintableJSON

Details

    Description

      Currently Mesos agents do not verify that the messages they receive are coming from the leading master and haven't been tampered with. In untrusted environments this can be a source of security issues.

      There are a couple of ways to fix this:
      1) implement Master authentication on the transport or application level for each agent<->master connection (this might not be sufficient to distinguish a master from the leading master)
      2) implement Master authentication on the transport level (for the connection to be encrypted) upon agent registration and pass a secret to the master for all subsequent, possibly separate and unencrypted, connections (the secret can be leaked on an unencrypted connection).

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MESOS-9774 Design client side SSL certificate verification in Libprocess.

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              alexr Alex R
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: