Adam B created MESOS-6027:
-----------------------------
Summary: Executor stdout/stderr should not be world-readable
Key: MESOS-6027
URL: https://issues.apache.org/jira/browse/MESOS-6027
Project: Mesos
Issue Type: Bug
Reporter: Adam B
Running a Marathon service as 'nobody':
{code}
sh -c 'whoami && ls -l && sleep 1001'
nobody
-rw-r--r--. 1 nobody nobody 2199 Jul 7 00:12 stderr
-rw-r--r--. 1 nobody nobody 208 Jul 7 00:12 stdout
{code}
As a user of a multi-tenant Mesos, I would expect my task logs to be
inaccessible to other users/tasks on the same node. Filesystem isolation helps
from one angle, but basic Linux filesystem permissions are just good practice.
There's no reason that any user other than the task user (i.e. the task itself)
and root (e.g. Mesos agent) should be able to access these logs.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
