[jira] [Updated] (MESOS-6027) Executor stdout/stderr should not be world-readable

Adam B (JIRA) Thu, 11 Aug 2016 00:26:51 -0700

     [ 
https://issues.apache.org/jira/browse/MESOS-6027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Adam B updated MESOS-6027:
--------------------------
    Description: 
Running a task as 'nobody':
{code}
sh -c 'whoami && ls -l && sleep 1001'
nobody
-rw-r--r--. 1 nobody nobody 2199 Jul  7 00:12 stderr
-rw-r--r--. 1 nobody nobody  208 Jul  7 00:12 stdout
{code}

As a user of a multi-tenant Mesos, I would expect my task logs to be 
inaccessible to other users/tasks on the same node. Filesystem isolation helps 
from one angle, but basic Linux filesystem permissions are just good practice.

There's no reason that any user other than the task user (i.e. the task itself) 
and root (e.g. Mesos agent) should be able to access these logs.

  was:
Running a Marathon service as 'nobody':
{code}
sh -c 'whoami && ls -l && sleep 1001'
nobody
-rw-r--r--. 1 nobody nobody 2199 Jul  7 00:12 stderr
-rw-r--r--. 1 nobody nobody  208 Jul  7 00:12 stdout
{code}

As a user of a multi-tenant Mesos, I would expect my task logs to be 
inaccessible to other users/tasks on the same node. Filesystem isolation helps 
from one angle, but basic Linux filesystem permissions are just good practice.

There's no reason that any user other than the task user (i.e. the task itself) 
and root (e.g. Mesos agent) should be able to access these logs.


> Executor stdout/stderr should not be world-readable
> ---------------------------------------------------
>
>                 Key: MESOS-6027
>                 URL: https://issues.apache.org/jira/browse/MESOS-6027
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Adam B
>              Labels: security
>
> Running a task as 'nobody':
> {code}
> sh -c 'whoami && ls -l && sleep 1001'
> nobody
> -rw-r--r--. 1 nobody nobody 2199 Jul  7 00:12 stderr
> -rw-r--r--. 1 nobody nobody  208 Jul  7 00:12 stdout
> {code}
> As a user of a multi-tenant Mesos, I would expect my task logs to be 
> inaccessible to other users/tasks on the same node. Filesystem isolation 
> helps from one angle, but basic Linux filesystem permissions are just good 
> practice.
> There's no reason that any user other than the task user (i.e. the task 
> itself) and root (e.g. Mesos agent) should be able to access these logs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (MESOS-6027) Executor stdout/stderr should not be world-readable

Reply via email to