Benjamin Bannier created MESOS-9119:
---------------------------------------
Summary: Audit authn/authz state of endpoints exposed by Mesos and
libprocess
Key: MESOS-9119
URL: https://issues.apache.org/jira/browse/MESOS-9119
Project: Mesos
Issue Type: Task
Components: agent, libprocess, master
Reporter: Benjamin Bannier
Currently, a number of endpoints are, e.g., not authorized. While Mesos uses
infrastructure provided by libprocess to authenticate requests to its
endpoints, we do not always authorize all Mesos endpoints. Even worse, there
seems to exist no libprocess to perform authorization, but we hook it manually
into Mesos infrastructure for a number of endpoints,
{code}
/// From `src/common/http.cpp`, lines 97ff:
///
// Set of endpoint whose access is protected with the authorization
// action `GET_ENDPOINTS_WITH_PATH`.
hashset<string> AUTHORIZABLE_ENDPOINTS{
    "/containers",
    "/files/debug",
    "/files/debug.json",
    "/logging/toggle",
    "/metrics/snapshot",
    "/monitor/statistics",
    "/monitor/statistics.json"};
{code}
Notably absent from that list is e.g., the {{__processes__}} endpoint.
We should audit all endpoints currently exposed by Mesos master or agent
process, or any process using libprocess. We should set them up in a way which
allows operators to e.g., deny all requests by default.
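The audit and the deny-by-default behaviour requested above, sketched as an added example that is not code from Mesos or libprocess. The endpoint inventory, the ACL type, the principals and all function names are hypothetical; only the seven listed paths and `/__processes__` come from the issue text.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// The seven endpoints from the snippet quoted out of src/common/http.cpp.
const std::set<std::string> AUTHORIZABLE_ENDPOINTS{
    "/containers", "/files/debug", "/files/debug.json", "/logging/toggle",
    "/metrics/snapshot", "/monitor/statistics", "/monitor/statistics.json"};

// Constructed inventory of exposed endpoints; a real audit would enumerate
// the routes that each master, agent and libprocess process registers.
const std::vector<std::string> EXPOSED_ENDPOINTS{
    "/containers", "/logging/toggle", "/metrics/snapshot", "/__processes__"};

// Hypothetical operator policy: endpoint path -> principals allowed to GET it.
using Acl = std::map<std::string, std::set<std::string>>;
const Acl SAMPLE_ACL{{"/containers", {"ops"}}};

// Audit step: exposed endpoints that no authorization rule can ever cover.
std::vector<std::string> unprotected(const std::vector<std::string>& exposed,
                                     const std::set<std::string>& authorizable) {
  std::vector<std::string> missing;
  for (const std::string& path : exposed)
    if (authorizable.count(path) == 0) missing.push_back(path);
  return missing;
}

// Default deny: a request passes only if a rule names both path and principal.
bool authorizedDefaultDeny(const Acl& acl, const std::string& principal,
                           const std::string& path) {
  auto rule = acl.find(path);
  return rule != acl.end() && rule->second.count(principal) > 0;
}

// Model of the opt-in scheme: paths outside the set skip authorization.
bool authorizedOptIn(const Acl& acl, const std::string& principal,
                     const std::string& path) {
  if (AUTHORIZABLE_ENDPOINTS.count(path) == 0) return true;  // never checked
  return authorizedDefaultDeny(acl, principal, path);
}

int main() {
  for (const std::string& path : unprotected(EXPOSED_ENDPOINTS, AUTHORIZABLE_ENDPOINTS))
    std::cout << "no authorization hook: " << path << "\n";
  std::cout << authorizedOptIn(SAMPLE_ACL, "guest", "/__processes__")
            << authorizedDefaultDeny(SAMPLE_ACL, "guest", "/__processes__") << "\n";
}
```

Under the opt-in model an endpoint missing from the set is reachable by any authenticated principal, while the default-deny check refuses it until an operator adds a rule.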