[ https://issues.apache.org/jira/browse/MESOS-1081?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod Kone updated MESOS-1081:
------------------------------
Sprint: Mesos Q3 Sprint 5
Assignee: Vinod Kone
Story Points: 1
> Master should not deactivate authenticated framework/slave on new
> AuthenticateMessage unless new authentication succeeds.
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: MESOS-1081
> URL: https://issues.apache.org/jira/browse/MESOS-1081
> Project: Mesos
> Issue Type: Bug
> Components: master
> Reporter: Adam B
> Assignee: Vinod Kone
> Labels: authentication, master, security
>
> Master should not deactivate an authenticated framework/slave upon receiving
> a new AuthenticateMessage unless new authentication succeeds. As it stands
> now, a malicious user could spoof the pid of an authenticated framework/slave
> and send an AuthenticateMessage to knock a valid framework/slave off the
> authenticated list, forcing the valid framework/slave to re-authenticate and
> re-register. This could be used in a DoS attack.
> But how should we handle the scenario when the actual authenticated
> framework/slave sends an AuthenticateMessage that fails authentication?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
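
Added example, not part of the JIRA notification and not Mesos source code: a toy C++ model of the two behaviours the issue contrasts, dropping the authenticated entry as soon as an AuthenticateMessage arrives versus changing state only when the new attempt succeeds. ToyMaster, its method names, the pid string and the secret are hypothetical and constructed for illustration.

```cpp
#include <functional>
#include <iostream>
#include <set>
#include <string>
#include <utility>

// Toy model with hypothetical names (not Mesos source). A pid is a plain string
// and the authenticator is a callback that returns true when the attempt succeeds.
using Authenticator = std::function<bool(const std::string&, const std::string&)>;

class ToyMaster {
 public:
  explicit ToyMaster(Authenticator auth) : auth_(std::move(auth)) {}

  // Behaviour described in the issue: the existing entry is dropped when the
  // message arrives, before the outcome of the new attempt is known.
  bool authenticateEager(const std::string& pid, const std::string& secret) {
    authenticated_.erase(pid);
    if (!auth_(pid, secret)) return false;
    authenticated_.insert(pid);
    return true;
  }

  // Behaviour the issue asks for: state changes only on success.
  bool authenticateOnSuccess(const std::string& pid, const std::string& secret) {
    if (!auth_(pid, secret)) return false;  // prior entry, if any, is untouched
    authenticated_.insert(pid);
    return true;
  }

  bool isAuthenticated(const std::string& pid) const { return authenticated_.count(pid) > 0; }

 private:
  Authenticator auth_;
  std::set<std::string> authenticated_;
};

// Authenticates a pid, then replays an AuthenticateMessage for the same pid with a
// wrong secret. Returns whether the pid is still on the authenticated list.
bool survivesBadReauth(bool eager) {
  ToyMaster m([](const std::string&, const std::string& s) { return s == "constructed-secret"; });
  const std::string pid = "framework(1)@10.0.0.5:5050";  // constructed sample pid
  if (eager) { m.authenticateEager(pid, "constructed-secret"); m.authenticateEager(pid, "wrong"); }
  else { m.authenticateOnSuccess(pid, "constructed-secret"); m.authenticateOnSuccess(pid, "wrong"); }
  return m.isAuthenticated(pid);
}
int main() {
  std::cout << "eager deactivation, still authenticated: " << survivesBadReauth(true) << "\n";
  std::cout << "update on success, still authenticated:  " << survivesBadReauth(false) << "\n";
}
```

In this model a failed attempt from the genuine framework/slave also leaves its earlier entry in place; that is one possible answer to the question the issue ends on, chosen here as an assumption.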