[
https://issues.apache.org/jira/browse/MESOS-5845?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15376112#comment-15376112
]
Yan Xu commented on MESOS-5845:
-------------------------------
This is related to MESOS-5218 but we are looking at it from a different angle.
Note that the fetcher process writes to the fetcher cache as well so running it
as the task user results in files in the fetcher being owned by different task
users. (For MESOS-5218 we are running only the decompression part in the fetcher
as the task user). Should the correct solution for this ticket be to have the
agent running as a special user (e.g., 'mesos') with sufficient capabilities to
do containerization?
> The fetcher can access any local file as root
> ---------------------------------------------
>
> Key: MESOS-5845
> URL: https://issues.apache.org/jira/browse/MESOS-5845
> Project: Mesos
> Issue Type: Bug
> Reporter: Greg Mann
> Assignee: Greg Mann
> Labels: mesosphere
>
> The Mesos fetcher currently runs as root and does a blind cp+chown of any
> file:// URI into the task's sandbox, to be owned by the task user. Even if
> frameworks are restricted from running tasks as root, it seems they can still
> access root-protected files in this way. We should secure the fetcher so that
> it has the filesystem permissions of the user its associated task is being
> run as. One option would be to run the fetcher as the same user that the task
> will run as.
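The option raised in the issue description (do the file:// copy with the task user's filesystem permissions instead of root's) can be sketched as follows. This is an added example, not Mesos code and not part of the original message; `copyAsUser` and its exit codes are hypothetical, and it assumes the destination directory is writable by the task user.

```cpp
#include <fcntl.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

// Hypothetical helper (not a Mesos API). Copies src to dst in a child that
// has permanently dropped to uid/gid, so the kernel applies the task user's
// permissions to the read and no chown is needed afterwards.
// Returns 0 on success, 2 if privileges could not be dropped, 3 if the
// source is not readable by that user, 4/5 on destination or I/O errors.
int copyAsUser(const char* src, const char* dst, uid_t uid, gid_t gid) {
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) {
    // Order matters: supplementary groups, then gid, then uid.
    // Simplification: a real agent would load the user's groups
    // (initgroups) rather than keep only the primary gid.
    if (geteuid() == 0 && setgroups(1, &gid) != 0) _exit(2);
    if (setgid(gid) != 0 || setuid(uid) != 0) _exit(2);
    // Fail closed if root could still be regained.
    if (uid != 0 && setuid(0) == 0) _exit(2);

    int in = open(src, O_RDONLY | O_CLOEXEC);
    if (in < 0) _exit(3);  // e.g. EACCES on a root-protected file
    // O_EXCL: never write through a file or symlink that already exists.
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
    if (out < 0) _exit(4);

    char buf[4096];
    ssize_t n;
    while ((n = read(in, buf, sizeof buf)) > 0) {
      if (write(out, buf, (size_t)n) != n) _exit(5);
    }
    _exit(n == 0 ? 0 : 5);
  }
  int status = 0;
  if (waitpid(pid, &status, 0) < 0) return -1;
  return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

This covers only the copy into the sandbox; it does not address the fetcher cache ownership concern raised in the comment above.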