[ https://issues.apache.org/jira/browse/MESOS-5845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adam B updated MESOS-5845:
--------------------------
    Labels: mesosphere security  (was: mesosphere)

> The fetcher can access any local file as root
> ---------------------------------------------
>
>                 Key: MESOS-5845
>                 URL: https://issues.apache.org/jira/browse/MESOS-5845
>             Project: Mesos
>          Issue Type: Bug
>          Components: fetcher
>            Reporter: Greg Mann
>            Assignee: Greg Mann
>              Labels: mesosphere, security
>
> The Mesos fetcher currently runs as root and does a blind cp+chown of any 
> file:// URI into the task's sandbox, to be owned by the task user. Even if 
> frameworks are restricted from running tasks as root, it seems they can still 
> access root-protected files in this way. We should secure the fetcher so that 
> it has the filesystem permissions of the user its associated task is being 
> run as. One option would be to run the fetcher as the same user that the task 
> will run as.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
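
The option proposed in the issue above (do the copy with the task user's filesystem permissions rather than root's), as an added example that is not part of the original message and is not Mesos code. The function names and exit codes are assumptions made for illustration.

```cpp
// Added example, not Mesos code: copy a local file with the task user's
// permissions instead of root's. Names and exit codes are illustrative.
#include <fcntl.h>
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

// Child exit codes: 1 = could not become the task user, 2 = source not
// readable by that user, 3 = destination not creatable, 4 = I/O error.
static int copy_in_child(const char* src, const char* dst, uid_t uid, gid_t gid) {
  if (uid != geteuid() || gid != getegid()) {
    if (geteuid() != 0) return 1;  // only root can switch to another user
    // Order matters: groups and gid first, uid last (irreversible).
    // A real fetcher would load the user's supplementary groups (initgroups).
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return 1;
  }
  int in = open(src, O_RDONLY | O_CLOEXEC);  // kernel checks access as uid
  if (in < 0) return 2;
  // Created by the task user, so no chown step is needed afterwards.
  int out = open(dst, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
  if (out < 0) return 3;
  char buf[65536];
  ssize_t n;
  while ((n = read(in, buf, sizeof buf)) > 0) {
    for (ssize_t off = 0; off < n;) {
      ssize_t w = write(out, buf + off, n - off);
      if (w < 0) return 4;
      off += w;
    }
  }
  return n < 0 ? 4 : 0;
}

// Returns 0 on success, otherwise one of the child exit codes above (or -1).
// The privilege drop happens in a forked child so the caller keeps its own uid.
int fetch_local_as_user(const char* src, const char* dst, uid_t uid, gid_t gid) {
  pid_t pid = fork();
  if (pid < 0) return -1;
  if (pid == 0) _exit(copy_in_child(src, dst, uid, gid));
  int status = 0;
  if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
  return WEXITSTATUS(status);
}
```

Because the access decision is made by the kernel at `open()` under the task user's credentials, there is no separate permission check that could go stale before the copy.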