Greg Mann created MESOS-5845:
--------------------------------
Summary: The fetcher can access any local file as root
Key: MESOS-5845
URL: https://issues.apache.org/jira/browse/MESOS-5845
Project: Mesos
Issue Type: Bug
Reporter: Greg Mann
The Mesos fetcher currently runs as root and does a blind cp+chown of any
file:// URI into the task's sandbox, to be owned by the task user. Even if
frameworks are restricted from running tasks as root, it seems they can still
access root-protected files in this way. We should secure the fetcher so that
it has the filesystem permissions of the user its associated task is being run
as. One option would be to run the fetcher as the same user that the task will
run as.
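
One way to apply the option proposed above (running the copy as the task's user), given as an added example that is not Mesos code and not part of the original report. `fetchAsUser`, `dropPrivileges` and their parameters are hypothetical names; the child process gives up root before it opens the source, so a root-protected file fails with a permission error and the destination is created already owned by the task user.

```cpp
// Added example, not Mesos code: copy a file:// source with the task user's
// permissions instead of root's. All function names here are hypothetical.
#include <fcntl.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <string>

// Irreversibly switch the calling process to uid/gid.
static bool dropPrivileges(uid_t uid, gid_t gid) {
  if (geteuid() == uid && getegid() == gid) return true;  // already that user
  // Order matters: supplementary groups, then gid, then uid. Once the uid
  // is dropped the process can no longer change the other two.
  if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
    return false;
  // Confirm root cannot be regained.
  return uid == 0 || setuid(0) == -1;
}

// Returns true only if the task user could read src and create dst.
bool fetchAsUser(const std::string& src, const std::string& dst,
                 uid_t uid, gid_t gid) {
  pid_t pid = fork();
  if (pid < 0) return false;
  if (pid == 0) {  // child: performs all file access as the task user
    if (!dropPrivileges(uid, gid)) _exit(2);
    int in = open(src.c_str(), O_RDONLY | O_CLOEXEC);
    if (in < 0) _exit(3);  // e.g. EACCES on a root-only file
    // O_EXCL + O_NOFOLLOW: never write through an existing file or symlink.
    int out = open(dst.c_str(),
                   O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (out < 0) _exit(4);
    char buf[65536];
    ssize_t n;
    while ((n = read(in, buf, sizeof buf)) > 0) {
      for (ssize_t off = 0; off < n;) {
        ssize_t w = write(out, buf + off, n - off);
        if (w < 0) _exit(5);
        off += w;
      }
    }
    _exit(n == 0 && close(out) == 0 ? 0 : 6);
  }
  int status = 0;
  if (waitpid(pid, &status, 0) != pid) return false;
  return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
```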