[ https://issues.apache.org/jira/browse/MESOS-5761?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15358496#comment-15358496 ]
Joerg Schad commented on MESOS-5761: ------------------------------------ The problem with orphaned tasks is that we don't necessarily access to the FrameworkInfo and hence we cannot authorize them as we would do for running/staged task (i.e., first check Task/TaskInfo and as fallback check FrameworInfo). I see three options for dealing with this problem: 1. Coarse granular authz for orphaned tasks Introduce a new acls/authz action for allowing a user to view orphaned tasks (i.e., all or none). 2. Add FrameworkInfo to Task (and then authorize orphaned Tasks the same way we would running/staged ones) The drawback here would be the increased size (and hence memory usage) for storing Tasks. FrameworkInfo can have large fields. Note that FrameworkInfo will be stored for each Task and hence potentially duplicated. 3. Add a new datastructure to the master storing a mapping of frameworkID to frameworkInfo (the frameworkInfo is part of Task and hence we can authorize orphaned Tasks the same way we would running/staged ones) This would lead to less storage overhead compared to 2, but might be a little more complex to implement as we have to fill/cleanup such datastructure. > Filter orphaned task from /state. > --------------------------------- > > Key: MESOS-5761 > URL: https://issues.apache.org/jira/browse/MESOS-5761 > Project: Mesos > Issue Type: Bug > Reporter: Joerg Schad > Assignee: Joerg Schad > > Currently, we don't filter orphaned tasks based on user authorization. This > can potentially expose sensitive information to users. -- This message was sent by Atlassian JIRA (v6.3.4#6332)