[ https://issues.apache.org/jira/browse/MESOS-9349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gavin updated MESOS-9349:
-------------------------
    Comment: was deleted

(was: www.rtat.net)

> Prevent ptracing of container management processes.
> ---------------------------------------------------
>
>                 Key: MESOS-9349
>                 URL: https://issues.apache.org/jira/browse/MESOS-9349
>             Project: Mesos
>          Issue Type: Improvement
>          Components: containerization, security
>            Reporter: James Peach
>            Assignee: James Peach
>            Priority: Minor
>
> The container launcher and the built-in executors are (at least partially) 
> accessible to containerized user tasks. Since these processes may contain 
> secrets or hold privileged resources, we can increase the difficulty of 
> attacking them by preventing user tasks attaching to them with ptrace(2). 
> This amounts to calling `prctl(PR_SET_DUMPABLE, 0)`.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
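
The call named in the issue description, as an added example (not code from the Mesos tree or from the reporter). It sets the flag, reads it back, and shows that a fork()ed child inherits it. The function names are hypothetical. A tracer holding CAP_SYS_PTRACE in the target's user namespace can still attach, and a non-dumpable process also produces no core dumps.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: mark the calling process non-dumpable so that
 * unprivileged same-UID processes fail ptrace access checks against it.
 * Returns 0 on success, -1 on failure. */
int disable_dumpable(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    /* Read the flag back instead of trusting the set call. */
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0 ? 0 : -1;
}

/* Hypothetical helper: fork a child and return the child's dumpable
 * flag (0, 1 or 2), or -1 on error. The flag is inherited across fork(),
 * so helpers forked after hardening are covered as well. */
int child_dumpable_flag(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int v = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
        _exit(v < 0 ? 255 : v);   /* report the flag via exit status */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    printf("before: dumpable=%d\n", prctl(PR_GET_DUMPABLE, 0, 0, 0, 0));
    if (disable_dumpable() != 0) {
        perror("prctl(PR_SET_DUMPABLE)");
        return EXIT_FAILURE;
    }
    printf("after:  dumpable=%d\n", prctl(PR_GET_DUMPABLE, 0, 0, 0, 0));
    printf("forked child: dumpable=%d\n", child_dumpable_flag());
    return EXIT_SUCCESS;
}
```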
