> On June 24, 2016, 5:57 p.m., Joshua Cohen wrote:
> > I'm not super familiar with the Mesos resource fetcher, but I'm assuming
> > Mesos does not apply any access control on the uris grabbed by the fetcher
> > (based on the fact that we already use this to grab the thermos executor
> > from whatever path is configured via the scheduler command line)?
> >
> > Am I missing something, or is this potentially a privilege escalation to
> > just blindly allow user tasks to grab arbitrary URIs into their sandbox? Is
> > there any way to control this? I think at the very least we should wire
> > this functionality off by default via a command line flag, rejecting any
> > tasks that request uris in this fashion if it's not explicitly enabled.

Mesos does not apply any access control and it could lead to a security issue. As far as I know, the only way of controlling this is by filtering the URIs on the server side (i.e. whitelist/blacklist). Turning this off by default and having it be a configuration is a great option while a more refined solution is created. For now, the other way I'm combatting this is by never allowing the URI grabbed to be set as an executable.

- Renan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/49218/#review139426
-----------------------------------------------------------


On June 24, 2016, 4:01 p.m., Renan DelValle wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/49218/
> -----------------------------------------------------------
>
> (Updated June 24, 2016, 4:01 p.m.)
>
>
> Review request for Aurora.
>
>
> Repository: aurora
>
>
> Description
> -------
>
> Adding a URIs field to TaskConfig inside the ThriftAPI so that users are able
> to specify resources they wish to download into the sandbox per job.
>
>
> Diffs
> -----
>
>   api/src/main/thrift/org/apache/aurora/gen/api.thrift 3e6daf444453dd563dd7a2d494cc95e9a0aba0b6
>   src/main/java/org/apache/aurora/scheduler/base/TaskTestUtil.java 4089b79da8079243703eead884e80bcf736f8b29
>   src/main/java/org/apache/aurora/scheduler/mesos/MesosTaskFactory.java 3b01801d929dd61ee989495bf38af8f03e9f5ad4
>   src/main/java/org/apache/aurora/scheduler/storage/db/TaskConfigManager.java c76164292cf62d2181374c09f8bf6d8d3358e982
>   src/main/java/org/apache/aurora/scheduler/storage/db/TaskConfigMapper.java 571201094c1e576e496495a01cb83f6c57decfa8
>   src/main/java/org/apache/aurora/scheduler/storage/db/migration/V007_CreateURIsTable.java PRE-CREATION
>   src/main/java/org/apache/aurora/scheduler/storage/db/views/DbTaskConfig.java a90cb00e240df25dce6d55728859768e22d741a6
>   src/main/resources/org/apache/aurora/scheduler/storage/db/TaskConfigMapper.xml 2c8af8b88e41b3b381cac831fd43b1057e4df0aa
>   src/main/resources/org/apache/aurora/scheduler/storage/db/schema.sql 5069bedc08bb7111d0e0f101c8a2c81495b97bc9
>   src/test/java/org/apache/aurora/scheduler/mesos/MesosTaskFactoryImplTest.java 58785bfa37ff214f26e9f94d836e6df40e411c3b
>   src/test/java/org/apache/aurora/scheduler/thrift/Fixtures.java a883b0e33bfec1d14e6fe4ee8ed2200d93acaeec
>
> Diff: https://reviews.apache.org/r/49218/diff/
>
>
> Testing
> -------
>
> ./gradlew build -Pq
> ./build-support/jenkins/build.sh
> bash src/test/sh/org/apache/aurora/e2e/test_end_to_end.sh
>
>
> Thanks,
>
> Renan DelValle
>
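
The two controls raised in this thread (task URIs off unless an operator enables them, and server-side filtering against an allowlist) sketched as an added example; this is not code from the review request or from Aurora. The class `FetcherUriPolicy`, its constructor arguments and the host `artifacts.example.internal` are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;

/** Hypothetical scheduler-side policy for user-supplied fetcher URIs; not Aurora code. */
public final class FetcherUriPolicy {
  private final boolean enabled;                   // assumed operator flag, off unless set
  private final Map<String, List<String>> allowed; // "scheme://host[:port]" -> path prefixes
  public FetcherUriPolicy(boolean enabled, Map<String, List<String>> allowed) {
    this.enabled = enabled;
    this.allowed = allowed;
  }
  /** Returns a rejection reason, or empty when every URI of the task is acceptable. */
  public Optional<String> reject(List<String> uris) {
    if (uris.isEmpty()) return Optional.empty();
    if (!enabled) return Optional.of("task URIs are not enabled on this scheduler");
    for (String raw : uris) {
      URI u;
      try {
        u = new URI(raw).normalize(); // collapse "a/../b" before comparing prefixes
      } catch (URISyntaxException e) {
        return Optional.of("malformed URI: " + raw);
      }
      // No scheme or host covers bare paths and file:///..., i.e. files local to the agent.
      if (u.getScheme() == null || u.getHost() == null || u.getUserInfo() != null) {
        return Optional.of("need scheme and host, no credentials: " + raw);
      }
      String origin = (u.getScheme() + "://" + u.getAuthority()).toLowerCase(Locale.ROOT);
      String path = u.getPath(); // percent-decoded; non-null because a host is present
      // Conservative: refuse any ".." left after decoding (e.g. from %2e%2e).
      boolean ok = !path.contains("..")
          && allowed.getOrDefault(origin, List.of()).stream().anyMatch(path::startsWith);
      if (!ok) return Optional.of("not on the allowlist: " + raw);
    }
    return Optional.empty();
  }
  public static void main(String[] args) {
    // Constructed sample policy; the prefix ends in "/" so "/pkgs-x/" cannot match it.
    String host = "https://artifacts.example.internal";
    FetcherUriPolicy on = new FetcherUriPolicy(true, Map.of(host, List.of("/pkgs/")));
    System.out.println(new FetcherUriPolicy(false, Map.of()).reject(List.of(host + "/pkgs/a")));
    for (String uri : List.of(host + "/pkgs/app.tgz", "file:///etc/hostname",
        host + "/pkgs/../private/key", host + "/pkgs/%2e%2e/private/key")) {
      System.out.println(uri + " -> " + on.reject(List.of(uri)));
    }
  }
}
```

A check like this would run when the scheduler validates a submitted task, so a rejected job never reaches the Mesos fetcher.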
