debug

Abhishek Dasgupta (JIRA) Fri, 08 Jul 2016 01:55:10 -0700

    [ 
https://issues.apache.org/jira/browse/MESOS-5708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15367411#comment-15367411
 ]


Abhishek Dasgupta commented on MESOS-5708:
------------------------------------------

We missed to update '/files/debug' endpoint document for authorization.
Posted a trivial patch for this : https://reviews.apache.org/r/49794/

> Add authz to /files/debug
> -------------------------
>
>                 Key: MESOS-5708
>                 URL: https://issues.apache.org/jira/browse/MESOS-5708
>             Project: Mesos
>          Issue Type: Task
>          Components: security
>            Reporter: Adam B
>            Assignee: Abhishek Dasgupta
>            Priority: Minor
>              Labels: mesosphere, security
>             Fix For: 1.0.0
>
>
> The /files/debug endpoint exposes the attached master/agent log paths and 
> every attached sandbox path, which includes the frameworkId and executorId. 
> Even if sandboxes are protected, we still don't want to expose this 
> information to unauthorized users.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (MESOS-5708) Add authz to /files/debug

Reply via email to