[jira] [Assigned] (MESOS-6027) Executor stdout/stderr should not be world-readable

Gaojin CAO (JIRA) Thu, 11 Aug 2016 01:58:38 -0700

     [ 
https://issues.apache.org/jira/browse/MESOS-6027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Gaojin CAO reassigned MESOS-6027:
---------------------------------

    Assignee: Gaojin CAO

> Executor stdout/stderr should not be world-readable
> ---------------------------------------------------
>
>                 Key: MESOS-6027
>                 URL: https://issues.apache.org/jira/browse/MESOS-6027
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Adam B
>            Assignee: Gaojin CAO
>              Labels: newbie, security
>
> Running a task as 'nobody':
> {code}
> sh -c 'whoami && ls -l && sleep 1001'
> nobody
> -rw-r--r--. 1 nobody nobody 2199 Jul  7 00:12 stderr
> -rw-r--r--. 1 nobody nobody  208 Jul  7 00:12 stdout
> {code}
> As a user of a multi-tenant Mesos, I would expect my task logs to be 
> inaccessible to other users/tasks on the same node. Filesystem isolation 
> helps from one angle, but basic Linux filesystem permissions are just good 
> practice.
> There's no reason that any user other than the task user (i.e. the task 
> itself) and root (e.g. Mesos agent) should be able to access these logs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Assigned] (MESOS-6027) Executor stdout/stderr should not be world-readable

Reply via email to