James Peach created MESOS-7363:
----------------------------------
Summary: Improver master robustness against duplicate UPIDs
Key: MESOS-7363
URL: https://issues.apache.org/jira/browse/MESOS-7363
Project: Mesos
Issue Type: Bug
Components: master
Reporter: James Peach
It is possible for a malicious client to send libprocess SUBSCRIBE requests
that will trigger the {{!frameworks.principals.contains(...)}} CHECK. This can
happen if the client sends a subscribe with a framework ID, then a second
subscribe with a different framework ID but the same UPID. The invariant in the
master is that a UPID uniquely identifies a given framework. This is violated
if we allow multiple frameworks with the same UPID.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
