[ https://issues.apache.org/jira/browse/MESOS-7086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15881277#comment-15881277 ]

Yan Xu commented on MESOS-7086:
-------------------------------

{noformat:title=}
commit eb3263af2730dbc17db3e35286e58b44092c08da
Author: Jiang Yan Xu <[email protected]>
Commit: Yan Xu <[email protected]>

    Disallowed some special path components in IDs.
    
    - Such IDs should lead to surprising or even dangerous agent side
      directory structure.
    
    Review: https://reviews.apache.org/r/56527
{noformat}

Committed the above but will follow up with a discussion on switching to a 
white list model when validating names and IDs in Mesos.

> Tighten up rules on IDs used in Mesos
> -------------------------------------
>
>                 Key: MESOS-7086
>                 URL: https://issues.apache.org/jira/browse/MESOS-7086
>             Project: Mesos
>          Issue Type: Task
>            Reporter: Yan Xu
>            Assignee: Yan Xu
>
> We currently have pretty relaxed rules on validity of IDs (e.g., TaskID, 
> ExecutorID, PersistenceID):
> https://github.com/apache/mesos/blob/7a3df44eb6a59bd95604fd38a18dc745363d468d/src/common/validation.cpp
> https://github.com/apache/mesos/blob/7a3df44eb6a59bd95604fd38a18dc745363d468d/src/slave/validation.cpp#L40
> We should tighten up the restrictions to prevent misleading and exploitable
> IDs and document these rules.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
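
The two validation models mentioned in this message (rejecting special path components versus a whitelist), sketched as an added example; it is not part of the original message and not Mesos's own code. The function names, the rejected forms ("." and "..", separators, control characters) and the allowed character set are assumptions chosen for illustration.

```cpp
#include <iostream>
#include <string>

// Both functions return an empty string when the ID is accepted,
// otherwise the reason for rejection.

// Deny-list (assumed rules): reject only known-bad forms.
std::string denyListError(const std::string& id)
{
  if (id.empty()) return "empty ID";
  if (id == "." || id == "..") return "special path component";
  for (unsigned char c : id) {
    if (c == '/' || c == '\\') return "path separator";
    if (c < 0x20 || c == 0x7f) return "control character";
  }
  return "";
}

static bool isAsciiAlnum(unsigned char c)
{
  return (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
         (c >= 'a' && c <= 'z');
}

// Allow-list (assumed policy): 1..255 chars from [A-Za-z0-9._-],
// starting with a letter or digit, so ".", ".." and "-flag" forms
// are excluded by construction rather than by enumeration.
std::string allowListError(const std::string& id)
{
  if (id.empty() || id.size() > 255) return "length outside 1..255";
  if (!isAsciiAlnum(id[0])) return "must start with a letter or digit";
  for (unsigned char c : id) {
    if (!isAsciiAlnum(c) && c != '.' && c != '_' && c != '-')
      return "character outside [A-Za-z0-9._-]";
  }
  return "";
}

int main()
{
  // Constructed sample IDs, not taken from Mesos.
  const char* samples[] = {"task-1", "..", "a/b", "...", " ", "-rf"};
  for (const char* s : samples) {
    std::cout << '"' << s << "\" deny-list: [" << denyListError(s)
              << "] allow-list: [" << allowListError(s) << "]\n";
  }
  return 0;
}
```

IDs such as "...", " " and "-rf" pass the deny-list but are rejected by the allow-list, which is the gap a whitelist model closes when an ID becomes a directory name.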
