-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58224/
-----------------------------------------------------------
(Updated May 2, 2017, 5:59 p.m.)
Review request for mesos and Benjamin Mahler.
Changes
-------
Rebased and split tests.
Bugs: MESOS-7401
https://issues.apache.org/jira/browse/MESOS-7401
Repository: mesos
Description
-------
In general, libprocess is unable to validate that a peer
is a legitimate owner of the UPID it claims in a libprocess
message. This change adds a check that the IP address in the
UPID matches the peer address. This makes spoofing the UPID
harder (e.g. to send authenticated messages), but also breaks
some legitimate configurations, particularly on multihomed
hosts.
Diffs (updated)
-----
3rdparty/libprocess/src/process.cpp f5b666f894215cb1861c244c94b382e0739bc5c9
Diff: https://reviews.apache.org/r/58224/diff/3/
Changes: https://reviews.apache.org/r/58224/diff/2-3/
Testing
-------
make check (Fedora 25). Light manual testing.
With LIBPROCESS_pin_peer_address=true, all Mesos tests pass except
``ExamplesTest.DiskFullFramework``; however, enabling this will definitely break
some libprocess APIs (though not in the way that Mesos uses them) and
legitimate multi-homed configurations. Note that setting
LIBPROCESS_ip=127.0.0.1 makes you multihomed for this purpose, which is why
``ExamplesTest.DiskFullFramework`` breaks.
Thanks,
James Peach
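
The check described in this request, sketched as an added example (it is not part of this e-mail or of the patch under review). It assumes a UPID is written as `id@ip:port` with an IPv4 address; the helper names `upidAddress` and `peerMatchesUpid` and all sample values are constructed for illustration.

```cpp
#include <arpa/inet.h>
#include <cstdio>
#include <string>

// Hypothetical helper (not libprocess code): pull the IPv4 address out of a
// UPID of the assumed form "id@ip:port". Returns false if it cannot be parsed.
bool upidAddress(const std::string& upid, in_addr* out)
{
  const size_t at = upid.rfind('@');
  const size_t colon = upid.rfind(':');
  if (at == std::string::npos || colon == std::string::npos || colon < at) {
    return false;
  }
  const std::string ip = upid.substr(at + 1, colon - at - 1);
  return inet_pton(AF_INET, ip.c_str(), out) == 1;
}

// Accept a message only when the address claimed in the sender's UPID equals
// the address the connection came from. Anything unparseable is rejected.
bool peerMatchesUpid(const std::string& upid, const std::string& peerIp)
{
  in_addr claimed, peer;
  if (inet_pton(AF_INET, peerIp.c_str(), &peer) != 1) {
    return false;
  }
  return upidAddress(upid, &claimed) && claimed.s_addr == peer.s_addr;
}

int main()
{
  // Constructed samples: {claimed UPID, observed peer address, note}.
  const char* cases[][3] = {
    {"slave(1)@10.0.0.5:5051", "10.0.0.5", "honest single-homed peer"},
    {"master@10.0.0.1:5050", "10.0.0.66", "UPID claims another host"},
    // Multihomed case: the process advertises one address but its
    // connection arrives from another, so a legitimate peer is refused.
    {"scheduler@127.0.0.1:40000", "192.168.1.20", "multihomed peer"},
  };
  for (const auto& c : cases) {
    std::printf("%-28s from %-13s %-7s (%s)\n", c[0], c[1],
                peerMatchesUpid(c[0], c[1]) ? "accept" : "reject", c[2]);
  }
  return 0;
}
```

The third sample shows why the description warns about multihomed hosts: a comparison on address alone cannot tell a spoofed UPID from a peer whose advertised address differs from its connection's source address.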