[ https://issues.apache.org/jira/browse/MESOS-6866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15816707#comment-15816707 ]

Joseph Wu commented on MESOS-6866:
----------------------------------

I noticed that the framework can pass an empty string as a "valid" 
{{ExecutorID}}.  This results in slightly malformed sandbox paths,
i.e. {{.../slaves/.../frameworks/.../executors/runs/...}}
instead of {{.../slaves/.../frameworks/.../executors/.../runs/...}}

I think the agent can handle this case well enough (it doesn't appear to fall 
over), but we may still want to disallow empty {{ExecutorID}}s.

> Mesos agent not checking IDs before using them as part of the paths
> -------------------------------------------------------------------
>
>                 Key: MESOS-6866
>                 URL: https://issues.apache.org/jira/browse/MESOS-6866
>             Project: Mesos
>          Issue Type: Bug
>          Components: security
>            Reporter: Yan Xu
>            Assignee: Yan Xu
>
> Various IDs are used in Mesos, some assigned by the master (AgentID, 
> FrameworkID, etc) and some created by the frameworks (TaskID, ExecutorID etc).
> The master does sufficient validation on the IDs supplied by the frameworks 
> and the agent currently just trusts that the IDs are valid because they have 
> been validated. 
> The problem is that currently any entity can spoof as the master to inject 
> certain actions on the agent which can be executed as "root" and inflict harm 
> on the system. The "right" long term fix is of course to prevent this from 
> happening but as a short-term defensive measure we can insert some hard 
> CHECKs on the validity of the IDs in the agent code paths.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
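
An added example, not part of the original message and not code from the Mesos project: one way to check IDs before they become path components, using the sandbox layout quoted in the comment above. The function names, the specific rejection rules and the sample IDs are assumptions made for illustration.

```cpp
#include <initializer_list>
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical helper (not a Mesos function): returns "" when `id` is safe to
// use as exactly one path component, otherwise the reason it is rejected.
std::string idError(const std::string& id) {
  if (id.empty()) return "ID is empty";
  if (id == "." || id == "..") return "ID is '.' or '..'";
  for (unsigned char c : id) {
    if (c == '/' || c == '\\') return "ID contains a path separator";
    if (c < 0x20 || c == 0x7f) return "ID contains a control character";
  }
  return "";
}

// Unchecked join in the layout quoted above; every ID is trusted as-is.
std::string uncheckedSandboxPath(const std::string& root, const std::string& agent,
                                 const std::string& framework,
                                 const std::string& executor, const std::string& run) {
  return root + "/slaves/" + agent + "/frameworks/" + framework +
         "/executors/" + executor + "/runs/" + run;
}

// Same join, but refuses to build a path from an ID that fails idError().
std::string checkedSandboxPath(const std::string& root, const std::string& agent,
                               const std::string& framework,
                               const std::string& executor, const std::string& run) {
  for (const std::string* id : {&agent, &framework, &executor, &run}) {
    const std::string error = idError(*id);
    if (!error.empty()) throw std::invalid_argument(error);
  }
  return uncheckedSandboxPath(root, agent, framework, executor, run);
}

int main() {
  // Constructed sample values, not real Mesos IDs.
  const std::string root = "/tmp/work", agent = "S0", framework = "F0", run = "R0";
  // Empty ExecutorID: "executors//runs" resolves like "executors/runs".
  std::cout << uncheckedSandboxPath(root, agent, framework, "", run) << "\n";
  try {
    checkedSandboxPath(root, agent, framework, "", run);
  } catch (const std::invalid_argument& e) {
    std::cout << "rejected: " << e.what() << "\n";
  }
  std::cout << checkedSandboxPath(root, agent, framework, "exec-1", run) << "\n";
  return 0;
}
```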
