Adam B created MESOS-1081:
-----------------------------
Summary: Master should not deactivate authenticated
framework/slave on new AuthenticateMessage unless new authentication succeeds.
Key: MESOS-1081
URL: https://issues.apache.org/jira/browse/MESOS-1081
Project: Mesos
Issue Type: Bug
Components: master
Reporter: Adam B

Master should not deactivate an authenticated framework/slave upon receiving a
new AuthenticateMessage unless new authentication succeeds. As it stands now, a
malicious user could spoof the pid of an authenticated framework/slave and send
an AuthenticateMessage to knock a valid framework/slave off the authenticated
list, forcing the valid framework/slave to re-authenticate and re-register.
This could be used in a DoS attack.

But how should we handle the scenario when the actual authenticated
framework/slave sends an AuthenticateMessage that fails authentication?
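The ordering problem described in the report, as an added example that is not part of the original message and is not Mesos source code: a simplified model in which the handler either drops the existing entry before verifying the new attempt or changes state only after verification succeeds. The `Master` struct, `Verifier`, the handler names, the sample pid and the choice to keep the old entry on a failed attempt are all assumptions made for illustration.

```cpp
#include <functional>
#include <set>
#include <string>

// Simplified model of the master's authenticated-peer bookkeeping.
// Every name here is hypothetical; this is not Mesos source code.
using Pid = std::string;
using Verifier = std::function<bool(const Pid&, const std::string&)>;

struct Master {
  std::set<Pid> authenticated;
  Verifier verify;  // stands in for the real credential exchange

  // Behaviour described in the report: the existing entry is dropped as soon
  // as an AuthenticateMessage arrives, before the new attempt is verified.
  bool handleVulnerable(const Pid& from, const std::string& credential) {
    authenticated.erase(from);
    if (!verify(from, credential)) return false;
    authenticated.insert(from);
    return true;
  }

  // Hardened: state changes only after the new attempt succeeds, so a failed
  // (possibly spoofed) attempt leaves the existing entry in place.
  bool handleHardened(const Pid& from, const std::string& credential) {
    if (!verify(from, credential)) return false;
    authenticated.insert(from);
    return true;
  }
};

// Constructed scenario: a peer authenticates, then a message carrying the
// same pid but a wrong credential arrives. Returns whether the peer is still
// on the authenticated list afterwards.
bool survivesBadAttempt(bool hardened) {
  Master m;
  m.verify = [](const Pid&, const std::string& c) { return c == "valid-secret"; };
  const Pid peer = "framework(1)@10.0.0.5:5050";  // constructed sample pid
  m.handleHardened(peer, "valid-secret");
  if (hardened) m.handleHardened(peer, "wrong");
  else m.handleVulnerable(peer, "wrong");
  return m.authenticated.count(peer) == 1;
}

int main() {
  return (survivesBadAttempt(true) && !survivesBadAttempt(false)) ? 0 : 1;
}
```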