[
https://issues.apache.org/jira/browse/MESOS-6526?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yan Xu updated MESOS-6526:
--------------------------
Target Version/s: 1.1.1, 1.2.0 (was: 1.1.0, 1.2.0)
> `mesos-containerizer launch --environment` exposes executor env vars in `ps`.
> -----------------------------------------------------------------------------
>
> Key: MESOS-6526
> URL: https://issues.apache.org/jira/browse/MESOS-6526
> Project: Mesos
> Issue Type: Bug
> Components: containerization
> Affects Versions: 1.1.0
> Reporter: Yan Xu
> Assignee: Yan Xu
> Priority: Critical
>
> With MESOS-6323, the helper {{mesos-containerizer launch}} takes a
> `--environment` flag for the env vars used by the executor. This is
> unpleasant because its a common practice that people use env vars to hide
> configs that are sensitive and now it's visible to non-root users on the host
> with a {{ps}} command.
> Given that we want to separate the environments of {{mesos-containerizer
> launch}} and the executor itself, perhaps we can just package and serialize
> the executor env vars in one env var {{MESOS_EXECUTOR_ENVIRONMENT}} and pass
> that to {{mesos-containerizer launch}} which could then get it through a flag
> the usual way.
> In general Mesos should do more to protect env vars but I'll file separate
> issues for them.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
