Re: Review Request 58224: RFC: Add some consistency checks for libprocess UPIDs.

Fri, 07 Apr 2017 05:39:00 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58224/#review171330
-----------------------------------------------------------




3rdparty/libprocess/src/process.cpp
Lines 471-477 (patched)
<https://reviews.apache.org/r/58224/#comment244240>

    I think `SocketSession` or `SocketConnection` are better names for this 
abstraction, since it better describes the intention of its usage.



3rdparty/libprocess/src/process.cpp
Lines 841-843 (original), 851-853 (patched)
<https://reviews.apache.org/r/58224/#comment244241>

    For what I saw, every time the `context` is around, it appears with the 
`socket` itself and the `decoder`. Why not puting them (the socket and the 
decoder) inside the context and let it manage their lifetimes.


- Alexander Rojas


On April 6, 2017, 12:15 a.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58224/
> -----------------------------------------------------------
> 
> (Updated April 6, 2017, 12:15 a.m.)
> 
> 
> Review request for mesos and Mesos Reviewbot.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> In general, libprocess is unable to validate that a peer is a legitimate
> owner of the UPID it claims in a libprocess message. This change adds
> 2 checks that make impersonation somewhat harder.
> 
> First, we bind the first UPID to the socket context. This prevents a
> peer attempting to switch UPIDs during a session.
> 
> Second, we enforce that the IP address in the UPID matches the peer
> address. This makes spoofing the UPID harder (eg. to send authenticated
> messages), but also breaks some legitimate configurations, particularly
> on multihomed hosts.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/process.cpp 
> d0cba0c2299bddfedeb8bfde5b93aae733a9cd5b 
> 
> 
> Diff: https://reviews.apache.org/r/58224/diff/1/
> 
> 
> Testing
> -------
> 
> Minimal manual testing.
> 
> 
> Thanks,
> 
> James Peach
> 
>

Reply via email to