mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam B (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MESOS-5588) Improve error handling when parsing acls.
Date Thu, 09 Jun 2016 21:09:21 GMT

    [ https://issues.apache.org/jira/browse/MESOS-5588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15323362#comment-15323362
] 

Adam B commented on MESOS-5588:
-------------------------------

Looks related to https://issues.apache.org/jira/browse/MESOS-5406

> Improve error handling when parsing acls.
> -----------------------------------------
>
>                 Key: MESOS-5588
>                 URL: https://issues.apache.org/jira/browse/MESOS-5588
>             Project: Mesos
>          Issue Type: Improvement
>            Reporter: Joerg Schad
>            Assignee: Joerg Schad
>
> During parsing of the authorizer errors are ignored. This can lead to undetected security
issues.
> Consider the following acl with an typo (usr instead of od user)
> {code}
>    "view_frameworks": [
>                   {
>                     "principals": { "type": "ANY" },
>                     "usr": { "type": "NONE" }
>                   }
>                 ]
> {code}
> When the master is started with these flags it will interprete the acl int he following
way which gives any principal access to any framework.
> {noformat}
> view_frameworks {
>   principals {
>     type: ANY
>   }
> }
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message