mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Abhishek Dasgupta (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MESOS-5708) Add authz to /files/debug
Date Fri, 08 Jul 2016 08:54:11 GMT

    [ https://issues.apache.org/jira/browse/MESOS-5708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15367411#comment-15367411
] 

Abhishek Dasgupta commented on MESOS-5708:
------------------------------------------

We missed to update '/files/debug' endpoint document for authorization.
Posted a trivial patch for this : https://reviews.apache.org/r/49794/

> Add authz to /files/debug
> -------------------------
>
>                 Key: MESOS-5708
>                 URL: https://issues.apache.org/jira/browse/MESOS-5708
>             Project: Mesos
>          Issue Type: Task
>          Components: security
>            Reporter: Adam B
>            Assignee: Abhishek Dasgupta
>            Priority: Minor
>              Labels: mesosphere, security
>             Fix For: 1.0.0
>
>
> The /files/debug endpoint exposes the attached master/agent log paths and every attached
sandbox path, which includes the frameworkId and executorId. Even if sandboxes are protected,
we still don't want to expose this information to unauthorized users.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message