-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58242/#review171252
-----------------------------------------------------------


Patch looks great!

Reviews applied: [58242]

Passed command: export OS='ubuntu:14.04' BUILDTOOL='autotools' COMPILER='gcc' CONFIGURATION='--verbose' ENVIRONMENT='GLOG_v=1 MESOS_VERBOSE=1'; ./support/docker-build.sh

- Mesos Reviewbot


On April 6, 2017, 6:32 p.m., James Peach wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58242/
> -----------------------------------------------------------
>
> (Updated April 6, 2017, 6:32 p.m.)
>
>
> Review request for mesos and Mesos Reviewbot.
>
>
> Bugs: MESOS-7363
>     https://issues.apache.org/jira/browse/MESOS-7363
>
>
> Repository: mesos
>
>
> Description
> -------
>
> It is possible for a malicious client to send
> libprocess SUBSCRIBE requests that will trigger the
> !frameworks.principals.contains(...) CHECK. This can happen
> if the client sends a subscribe with a framework ID, then a
> second subscribe with a different framework ID but the same
> UPID. The invariant in the master is that a UPID uniquely
> identifies a given framework. This is violated if we allow
> multiple frameworks with the same UPID.
>
>
> Diffs
> -----
>
>   src/linux/ldcache.cpp e93334465911d3ec37f38d51249486d5d317bdb3
>   src/master/master.cpp 6a6a570e52d21bfb2443f981e3d7faf8c36f74bc
>
>
> Diff: https://reviews.apache.org/r/58242/diff/1/
>
>
> Testing
> -------
>
> make check (Fedora 25). Internal fuzzer run.
>
>
> Thanks,
>
> James Peach
>
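The invariant in the quoted description, as an added example that is not Mesos code and not taken from the patch: a simplified registry in which a second subscribe from the same UPID with a different framework ID is rejected instead of tripping an assertion. All names (`Registry`, `subscribeUnchecked`, `subscribeValidated`, `InvariantViolation`) and the sample IDs are hypothetical, and a thrown exception stands in for the CHECK abort.

```cpp
#include <cstddef>
#include <map>
#include <stdexcept>
#include <string>

// Simplified model of the invariant; every name here is hypothetical.
// Throwing InvariantViolation stands in for a CHECK aborting the process.
struct InvariantViolation : std::logic_error {
  explicit InvariantViolation(const std::string& m) : std::logic_error(m) {}
};

class Registry {
 public:
  // "Before": the invariant is only asserted, so a request can break it.
  void subscribeUnchecked(const std::string& fid, const std::string& upid) {
    if (frameworks_.count(fid)) return;  // known framework re-subscribing
    if (principals_.count(upid))         // models CHECK(!principals.contains(upid))
      throw InvariantViolation("UPID already registered: " + upid);
    add(fid, upid);
  }

  // "After": validate first and reject. Returns "" on success or an
  // error string that would be sent back to the client.
  std::string subscribeValidated(const std::string& fid, const std::string& upid) {
    std::map<std::string, std::string>::const_iterator it = principals_.find(upid);
    if (it != principals_.end() && it->second != fid)
      return "UPID " + upid + " is already used by framework " + it->second;
    if (!frameworks_.count(fid)) add(fid, upid);
    return "";
  }
  std::size_t size() const { return frameworks_.size(); }
 private:
  void add(const std::string& fid, const std::string& upid) {
    frameworks_[fid] = upid;
    principals_[upid] = fid;
  }
  std::map<std::string, std::string> frameworks_;  // framework ID -> UPID
  std::map<std::string, std::string> principals_;  // UPID -> framework ID
};

// Constructed input: two framework IDs arriving from the same UPID.
bool uncheckedAborts() {
  Registry r;
  r.subscribeUnchecked("fw-A", "scheduler@192.0.2.10:4000");
  try { r.subscribeUnchecked("fw-B", "scheduler@192.0.2.10:4000"); }
  catch (const InvariantViolation&) { return true; }
  return false;
}

int main() { return uncheckedAborts() ? 0 : 1; }
```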
