[jira] [Commented] (MESOS-5588) Improve error handling when parsing acls.

Alexander Rojas (JIRA) Thu, 16 Jun 2016 07:32:51 -0700

    [ 
https://issues.apache.org/jira/browse/MESOS-5588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15333900#comment-15333900
 ]


Alexander Rojas commented on MESOS-5588:
----------------------------------------

[r/48781/|https://reviews.apache.org/r/48781/]: Marked some optional fields in 
state.json as required.

> Improve error handling when parsing acls.
> -----------------------------------------
>
>                 Key: MESOS-5588
>                 URL: https://issues.apache.org/jira/browse/MESOS-5588
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Joerg Schad
>            Assignee: Joerg Schad
>            Priority: Blocker
>              Labels: mesosphere, security
>             Fix For: 1.0.0
>
>
> During parsing of the authorizer errors are ignored. This can lead to 
> undetected security issues.
> Consider the following acl with an typo (usr instead of user)
> {code}
>    "view_frameworks": [
>                   {
>                     "principals": { "type": "ANY" },
>                     "usr": { "type": "NONE" }
>                   }
>                 ]
> {code}
> When the master is started with these flags it will interprete the acl int he 
> following way which gives any principal access to any framework.
> {noformat}
> view_frameworks {
>   principals {
>     type: ANY
>   }
> }
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (MESOS-5588) Improve error handling when parsing acls.

Reply via email to