mesos-issues mailing list archives

From "Greg Mann (JIRA)" <>
Subject [jira] [Updated] (MESOS-5845) The fetcher can access any local file as root
Date Thu, 14 Jul 2016 00:42:20 GMT


Greg Mann updated MESOS-5845:
    Shepherd: Jie Yu
      Sprint: Mesosphere Sprint 39

> The fetcher can access any local file as root
> ---------------------------------------------
>                 Key: MESOS-5845
>                 URL:
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Greg Mann
>            Assignee: Greg Mann
>              Labels: mesosphere
> The Mesos fetcher currently runs as root and does a blind cp+chown of any file:// URI
> into the task's sandbox, to be owned by the task user. Even if frameworks are restricted from
> running tasks as root, it seems they can still access root-protected files in this way. We
> should secure the fetcher so that it has the filesystem permissions of the user its associated
> task is being run as. One option would be to run the fetcher as the same user that the task
> will run as.

This message was sent by Atlassian JIRA
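
The option named in the issue (do the copy with the task user's filesystem permissions instead of cp+chown as root), as an added sketch that is not Mesos code and not from the original message. `fetch_as_user` and its parameters are hypothetical names, and only local source paths are handled.

```python
import os
import shutil


def fetch_as_user(src, sandbox, uid, gid):
    """Copy src into sandbox with the filesystem permissions of uid/gid.

    Returns True on success, False if the task user may not read src
    or write to the sandbox. (Hypothetical helper, not a Mesos API.)
    """
    dst = os.path.join(sandbox, os.path.basename(src))
    pid = os.fork()
    if pid == 0:
        # Child: give up root *before* touching the source path.
        status = 1
        try:
            if os.geteuid() == 0:
                os.setgroups([])  # drop supplementary groups first
                os.setgid(gid)    # then the primary group
                os.setuid(uid)    # and finally the user (irreversible)
            if (os.geteuid(), os.getegid()) != (uid, gid):
                raise PermissionError("could not become the task user")
            # From here on the kernel enforces the task user's permissions,
            # so a root-only file fails with EACCES instead of being copied.
            with open(src, "rb") as fin:
                # O_EXCL: never overwrite or follow a pre-planted file.
                fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
                with os.fdopen(fd, "wb") as fout:
                    shutil.copyfileobj(fin, fout)
            status = 0  # the file is already owned by the task user: no chown
        except OSError:
            status = 1
        finally:
            os._exit(status)  # never return into the parent's code path
    _, wstatus = os.waitpid(pid, 0)
    return os.WIFEXITED(wstatus) and os.WEXITSTATUS(wstatus) == 0


if __name__ == "__main__":
    import tempfile
    # Constructed demo: fetch this script into a throwaway sandbox
    # as the current user.
    with tempfile.TemporaryDirectory() as sandbox:
        print(fetch_as_user(__file__, sandbox, os.getuid(), os.getgid()))
```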
