[jira] [Commented] (MESOS-5708) Add authz to /files/debug
[ https://issues.apache.org/jira/browse/MESOS-5708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15369473#comment-15369473 ]

Adam B commented on MESOS-5708:
-------------------------------

commit 49db3424bb6ad906596449668735dafbe744626f
Author: Abhishek Dasgupta
Date:   Sun Jul 10 00:56:42 2016 -0700

    Added text for authorization in endpoint docs for '/files/debug'.

    Review: https://reviews.apache.org/r/49794/

> Add authz to /files/debug
> -------------------------
>
>         Key: MESOS-5708
>         URL: https://issues.apache.org/jira/browse/MESOS-5708
>     Project: Mesos
>  Issue Type: Task
>  Components: security
>    Reporter: Adam B
>    Assignee: Abhishek Dasgupta
>    Priority: Minor
>      Labels: mesosphere, security
>     Fix For: 1.0.0
>
> The /files/debug endpoint exposes the attached master/agent log paths and
> every attached sandbox path, which includes the frameworkId and executorId.
> Even if sandboxes are protected, we still don't want to expose this
> information to unauthorized users.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (MESOS-5708) Add authz to /files/debug
[ https://issues.apache.org/jira/browse/MESOS-5708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15367411#comment-15367411 ]

Abhishek Dasgupta commented on MESOS-5708:
------------------------------------------

We missed updating the '/files/debug' endpoint document for authorization. Posted a trivial patch for this: https://reviews.apache.org/r/49794/
[jira] [Commented] (MESOS-5708) Add authz to /files/debug
[ https://issues.apache.org/jira/browse/MESOS-5708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15361635#comment-15361635 ]

Abhishek Dasgupta commented on MESOS-5708:
------------------------------------------

RR: https://reviews.apache.org/r/49600/
[jira] [Commented] (MESOS-5708) Add authz to /files/debug
[ https://issues.apache.org/jira/browse/MESOS-5708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15360109#comment-15360109 ]

Alexander Rojas commented on MESOS-5708:
----------------------------------------

The only issue there is if we want to construct the files object with an authorizer, or if {{/files/debug}} should use a callback function as the sandboxes are protected. I like the first one better because it's consistent with how the authorizers are built, but the second separates the files from even having to know about an authorizer.
[jira] [Commented] (MESOS-5708) Add authz to /files/debug
[ https://issues.apache.org/jira/browse/MESOS-5708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15359793#comment-15359793 ]

Adam B commented on MESOS-5708:
-------------------------------

Hi [~a10gupta], thanks for signing up for this JIRA. We'd love to get it into the upcoming 1.0.0-rc2, and I'd be happy to shepherd you.

After speaking to [~arojas], we were thinking of using coarse-grained authentication to secure the debug endpoint as a whole with a GET_ENDPOINT_WITH_PATH "/files/debug" ACL.

Thoughts, questions, patches? If you don't have time in the next week, we may take the patch over so we can land it in time.
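
The two wiring options weighed in Alexander Rojas's comment, each enforcing the coarse-grained check on `/files/debug` proposed in Adam B's comment, shown as an added C++ sketch that is not Mesos code and is not taken from the thread. `Authorizer`, `Files`, `Check`, `Paths`, `DEBUG_PATH`, the ACL contents and the attached paths are all hypothetical stand-ins.

```cpp
#include <functional>
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <utility>

// Hypothetical stand-ins for illustration; these are not the Mesos classes.
const std::string DEBUG_PATH = "/files/debug";
struct Authorizer {
  // principal -> endpoint paths it may GET (constructed coarse-grained ACL).
  std::map<std::string, std::set<std::string>> getEndpointWithPath;
  // An empty principal means the request had no authenticated identity.
  bool authorized(const std::string& principal, const std::string& path) const {
    auto it = getEndpointWithPath.find(principal);
    return !principal.empty() && it != getEndpointWithPath.end() &&
           it->second.count(path) > 0;
  }
};
using Check = std::function<bool(const std::string& principal)>;
using Paths = std::map<std::string, std::string>;

class Files {
public:
  // Option 1: constructed with the authorizer (which must outlive Files).
  explicit Files(const Authorizer& a)
    : check_([&a](const std::string& p) { return a.authorized(p, DEBUG_PATH); }) {}
  // Option 2: the owner passes a callback; Files never sees an authorizer.
  explicit Files(Check check) : check_(std::move(check)) {}

  void attach(const std::string& name, const std::string& path) { attached_[name] = path; }

  // Returns an HTTP-style status; *out is filled only for an allowed caller.
  int debug(const std::string& principal, Paths* out) const {
    if (!check_(principal)) return 403;  // deny before exposing any path
    *out = attached_;
    return 200;
  }
private:
  Check check_;
  Paths attached_;
};

int main() {
  Authorizer acl;
  acl.getEndpointWithPath["ops"].insert(DEBUG_PATH);  // constructed principal
  Files files(acl);
  files.attach("/agent/log", "/var/log/mesos/agent.INFO");  // constructed paths
  Paths out;
  std::cout << files.debug("guest", &out) << " " << files.debug("ops", &out) << "\n";
}
```

With option 2 the owner of `Files` decides what the callback consults, so `Files` can be tested and reused without any authorizer type in scope.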