[
https://issues.apache.org/jira/browse/MESOS-5588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15334813#comment-15334813
]
Joerg Schad commented on MESOS-5588:
------------------------------------
The above review (if all issues are resolved) solves only one part of the
problem: i.e., that the object is missing.
This is imo the most prominent problem as it might end up allowing some action
for ANY object.
But the same problem can appear on the layer above, i.e., typos on the action
name level:
{code}
"view_XXXXframeworks": [
{
"principals": { "type": "ANY" },
"usr": { "type": "NONE" }
}
]
{code}
This would result in the ACLs for that action are not being considered.
One potential way to check that all acls are parsed could be the following
(note that a problem here is that we validate the protobuf, but the protobuf is
a valid):
We could get the action count from the json file (count the objects) and
compare it to the action count in the protobuf.
Any other ideas?
> Improve error handling when parsing acls.
> -----------------------------------------
>
> Key: MESOS-5588
> URL: https://issues.apache.org/jira/browse/MESOS-5588
> Project: Mesos
> Issue Type: Improvement
> Reporter: Joerg Schad
> Assignee: Joerg Schad
> Priority: Blocker
> Labels: mesosphere, security
> Fix For: 1.0.0
>
>
> During parsing of the authorizer errors are ignored. This can lead to
> undetected security issues.
> Consider the following acl with an typo (usr instead of user)
> {code}
> "view_frameworks": [
> {
> "principals": { "type": "ANY" },
> "usr": { "type": "NONE" }
> }
> ]
> {code}
> When the master is started with these flags it will interprete the acl int he
> following way which gives any principal access to any framework.
> {noformat}
> view_frameworks {
> principals {
> type: ANY
> }
> }
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
