[
https://issues.apache.org/jira/browse/MESOS-6953?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15840529#comment-15840529
]
Anindya Sinha commented on MESOS-6953:
--------------------------------------
The main motivation here is to not allow agents to run tasks with {{root}}
privileges and do bad things on the agent. However, I agree we can extend this
to other operations such as {{TEARDOWN_FRAMEWORK}}, and maybe to
{{CREATE_VOLUME}} and {{DESTROY_VOLUME}} as well in addition to launching of
tasks.
If we decide to do a long-term solution, that can be tracked separately. This
ticket captures what we can do right now to protect from the said scenario.
> A compromised mesos-master node can execute code as root on agents.
> -------------------------------------------------------------------
>
> Key: MESOS-6953
> URL: https://issues.apache.org/jira/browse/MESOS-6953
> Project: Mesos
> Issue Type: Bug
> Components: security
> Reporter: Anindya Sinha
> Assignee: Anindya Sinha
> Labels: security, slave
>
> mesos-master has a `--[no-]root_submissions` flag that controls whether
> frameworks with `root` user are admitted to the cluster.
> However, if a mesos-master node is compromised, it can attempt to schedule
> tasks on an agent as the `root` user. Since mesos-agent has no check against
> tasks running on the agent for specific users, tasks can get run with `root`
> privileges within the container on the agent.
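An agent-side user check of the kind the ticket describes as missing, as an added example that is not part of the original message and is not Mesos code. The names (`checkTaskUser`, `Decision`, `sampleLookup`), the allowlist and the sample users are assumptions; it resolves the requested user on the agent host and refuses uid 0 regardless of the name used, so the decision does not depend on what the master sends.

```cpp
#include <pwd.h>
#include <functional>
#include <map>
#include <set>
#include <string>

// Hypothetical names throughout; this is an illustration, not Mesos code.
enum class Decision { Allow, DenyUnknownUser, DenyRoot, DenyNotAllowlisted };

// Resolves a user name to a uid; returns false if the user does not exist.
using UidLookup = std::function<bool(const std::string&, uid_t*)>;

// Default resolver: the agent host's own passwd database, so the decision
// does not rest on anything the master says about the user.
bool systemLookup(const std::string& user, uid_t* uid) {
  struct passwd pwd;
  struct passwd* result = nullptr;
  char buf[16384];
  if (getpwnam_r(user.c_str(), &pwd, buf, sizeof(buf), &result) != 0) return false;
  if (result == nullptr) return false;  // no such user
  *uid = pwd.pw_uid;
  return true;
}

// Constructed sample database for the demonstration ("toor" aliases uid 0).
bool sampleLookup(const std::string& user, uid_t* uid) {
  static const std::map<std::string, uid_t> db = {
      {"root", 0}, {"toor", 0}, {"svc-batch", 1001}, {"alice", 1002}};
  const auto it = db.find(user);
  if (it == db.end()) return false;
  *uid = it->second;
  return true;
}

// Agent-local check on the user a task asks to run as. `allowed` is an
// operator-configured allowlist (assumed to come from agent configuration).
Decision checkTaskUser(const std::string& user,
                       const std::set<std::string>& allowed,
                       const UidLookup& lookup = systemLookup) {
  uid_t uid = 0;
  if (!lookup(user, &uid)) return Decision::DenyUnknownUser;  // fail closed
  if (uid == 0) return Decision::DenyRoot;  // any uid-0 name, even if allowlisted
  if (allowed.count(user) == 0) return Decision::DenyNotAllowlisted;
  return Decision::Allow;
}

int main() {
  const std::set<std::string> allowed = {"svc-batch", "toor"};
  return checkTaskUser("toor", allowed, sampleLookup) == Decision::DenyRoot ? 0 : 1;
}
```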