[
https://issues.apache.org/jira/browse/MESOS-5845?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15377310#comment-15377310
]
Megha commented on MESOS-5845:
------------------------------
Adding a bit more detail to Yan's comment about how we are addressing
MESOS-5218. The fetcher will do the extraction with the task user if provided,
otherwise the framework user is used. Running the fetcher with a task user may not
work since it needs to read and write to the fetcher cache. The fetcher currently
changes the ownership of the entire sandbox directory to the task user again after
the fetch/extraction. The main idea of this change is to avoid it, so the
ownership of files laid out in the sandbox directory by entities like the isolator
is not affected.
> The fetcher can access any local file as root
> ---------------------------------------------
>
> Key: MESOS-5845
> URL: https://issues.apache.org/jira/browse/MESOS-5845
> Project: Mesos
> Issue Type: Bug
> Reporter: Greg Mann
> Assignee: Greg Mann
> Labels: mesosphere
>
> The Mesos fetcher currently runs as root and does a blind cp+chown of any
> file:// URI into the task's sandbox, to be owned by the task user. Even if
> frameworks are restricted from running tasks as root, it seems they can still
> access root-protected files in this way. We should secure the fetcher so that
> it has the filesystem permissions of the user its associated task is being
> run as. One option would be to run the fetcher as the same user that the task
> will run as.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
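
The option raised in the issue description, doing the file:// copy with the task user's filesystem permissions instead of as root, sketched as an added example (this is not Mesos code and not the change discussed in the comment; `copy_as_task_user` and its exit codes are hypothetical). Because the destination is created by the task user, no chown of the sandbox is needed afterwards.

```cpp
#include <cerrno>
#include <fcntl.h>
#include <grp.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

// Hypothetical helper, not a Mesos function: copy src to dst while holding
// only the task user's filesystem permissions. Returns true on success.
bool copy_as_task_user(const char* src, const char* dst, uid_t uid, gid_t gid) {
  pid_t pid = fork();
  if (pid < 0) return false;
  if (pid == 0) {
    // Child: drop supplementary groups, then gid, then uid. The order matters:
    // once setuid() succeeds, a non-root process cannot change its groups.
    if (geteuid() == 0 && uid != 0 && setgroups(0, nullptr) != 0) _exit(10);
    if (setgid(gid) != 0 || setuid(uid) != 0) _exit(11);
    // Confirm the drop cannot be undone before touching any file.
    if (uid != 0 && setuid(0) == 0) _exit(12);

    // From here the kernel applies the task user's permissions to open().
    // O_NONBLOCK keeps a FIFO from hanging the open before the type check.
    int in = open(src, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
    struct stat st;
    if (in < 0 || fstat(in, &st) != 0 || !S_ISREG(st.st_mode)) _exit(20);
    // O_EXCL | O_NOFOLLOW: never write through a pre-planted file or symlink.
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (out < 0) _exit(21);
    char buf[65536];
    ssize_t n;
    while ((n = read(in, buf, sizeof buf)) > 0) {
      for (ssize_t off = 0; off < n;) {
        ssize_t w = write(out, buf + off, n - off);
        if (w <= 0) _exit(22);
        off += w;
      }
    }
    _exit(n == 0 && close(out) == 0 ? 0 : 23);
  }
  int status = 0;
  while (waitpid(pid, &status, 0) < 0)
    if (errno != EINTR) return false;
  return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
```

A source the task user cannot read fails in the child's `open()`, so the privileged parent never handles the file contents.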