[ https://issues.apache.org/jira/browse/MESOS-7401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15973523#comment-15973523 ]

James Peach edited comment on MESOS-7401 at 5/18/17 3:14 PM:
-------------------------------------------------------------

| [https://reviews.apache.org/r/58517/|https://reviews.apache.org/r/58517/] | Update SlaveRecoveryTest to send libprocess messages from a real UPID. |
| [https://reviews.apache.org/r/58224/|https://reviews.apache.org/r/58224/] | Optionally verify the source IP address for libprocess messages. |
| [https://reviews.apache.org/r/58977/|https://reviews.apache.org/r/58977/] | Add local and peer address accessors to http::Connection. |
| [https://reviews.apache.org/r/59341/|https://reviews.apache.org/r/59341/] | Fix gethostname() error message. |
| [https://reviews.apache.org/r/59342/|https://reviews.apache.org/r/59342/] | Improve listen address detection code comments. |
| [https://reviews.apache.org/r/59343/|https://reviews.apache.org/r/59343/] | Add a process ID for RemoteProcess in the libprocess tests. |
| [https://reviews.apache.org/r/58928/|https://reviews.apache.org/r/58928/] | Update process tests to use a non-zero UPID. |
| [https://reviews.apache.org/r/59344/|https://reviews.apache.org/r/59344/] | Make libprocess flags global. |


was (Author: jamespeach):
| [https://reviews.apache.org/r/58517/|https://reviews.apache.org/r/58517/] | Update SlaveRecoveryTest to send libprocess messages from a real UPID. |
| [https://reviews.apache.org/r/58224/|https://reviews.apache.org/r/58224/] | Optionally verify the source IP address for libprocess messages. |


> Optionally reject messages when UPIDs does not match IP.
> --------------------------------------------------------
>
>                 Key: MESOS-7401
>                 URL: https://issues.apache.org/jira/browse/MESOS-7401
>             Project: Mesos
>          Issue Type: Bug
>          Components: libprocess
>            Reporter: James Peach
>            Assignee: James Peach
>            Priority: Minor
>
> {{libprocess}} does no validation of the peer UPID so in some deployments it 
> is trivial to inject bogus messages and impersonate legitimate actors. If we 
> add a check to verify that messages are received from the same IP address as 
> the peer UPID claims to be using, we can increase the difficulty of UPID 
> spoofing, and mitigate this somewhat.
> For compatibility, this has to be an optional setting and disabled by default.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
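
The check the issue describes, as an added sketch that is not libprocess code and is not taken from the linked reviews. It assumes a UPID in the textual `id@ip:port` form, IPv4 only, and the hypothetical names `claimedAddress`, `acceptMessage` and `peerFrom`.

```cpp
// Added example: hypothetical helpers, not libprocess APIs.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <cstdio>
#include <string>

// Extract the IPv4 address that a UPID of the form "id@ip:port" claims.
// Returns false on malformed input so that callers can fail closed.
bool claimedAddress(const std::string& upid, in_addr* out)
{
  const size_t at = upid.rfind('@');
  const size_t colon = upid.rfind(':');
  if (at == std::string::npos || colon == std::string::npos || colon < at) {
    return false;
  }
  const std::string ip = upid.substr(at + 1, colon - at - 1);
  return inet_pton(AF_INET, ip.c_str(), out) == 1;
}

// `peer` is the address the connection really came from (e.g. getpeername()).
// `verifySource` models the optional setting, disabled by default.
// Only the IP is compared: the connection's source port is ephemeral and
// will not equal the listening port embedded in the UPID.
bool acceptMessage(const std::string& fromUpid, const in_addr& peer,
                   bool verifySource = false)
{
  if (!verifySource) {
    return true; // Compatible behaviour: the claimed sender is not checked.
  }
  in_addr claimed{};
  return claimedAddress(fromUpid, &claimed) && claimed.s_addr == peer.s_addr;
}

// Build a constructed sample peer address from dotted-quad text.
in_addr peerFrom(const char* ip)
{
  in_addr addr{};
  inet_pton(AF_INET, ip, &addr);
  return addr;
}

int main()
{
  // Constructed sample: the UPID claims 10.0.0.5 but the peer is 10.0.0.99.
  const char* upid = "slave(1)@10.0.0.5:5051";
  std::printf("check off: %d\n", acceptMessage(upid, peerFrom("10.0.0.99")));
  std::printf("check on:  %d\n", acceptMessage(upid, peerFrom("10.0.0.99"), true));
  return 0;
}
```

With the check enabled, a malformed UPID is rejected rather than accepted, so a parsing failure cannot be used to skip the comparison.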
