mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam B (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (MESOS-6027) Executor stdout/stderr should not be world-readable
Date Thu, 11 Aug 2016 07:26:20 GMT

     [ https://issues.apache.org/jira/browse/MESOS-6027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Adam B updated MESOS-6027:
--------------------------
    Description: 
Running a task as 'nobody':
{code}
sh -c 'whoami && ls -l && sleep 1001'
nobody
-rw-r--r--. 1 nobody nobody 2199 Jul  7 00:12 stderr
-rw-r--r--. 1 nobody nobody  208 Jul  7 00:12 stdout
{code}

As a user of a multi-tenant Mesos, I would expect my task logs to be inaccessible to other
users/tasks on the same node. Filesystem isolation helps from one angle, but basic Linux filesystem
permissions are just good practice.

There's no reason that any user other than the task user (i.e. the task itself) and root (e.g.
Mesos agent) should be able to access these logs.

  was:
Running a Marathon service as 'nobody':
{code}
sh -c 'whoami && ls -l && sleep 1001'
nobody
-rw-r--r--. 1 nobody nobody 2199 Jul  7 00:12 stderr
-rw-r--r--. 1 nobody nobody  208 Jul  7 00:12 stdout
{code}

As a user of a multi-tenant Mesos, I would expect my task logs to be inaccessible to other
users/tasks on the same node. Filesystem isolation helps from one angle, but basic Linux filesystem
permissions are just good practice.

There's no reason that any user other than the task user (i.e. the task itself) and root (e.g.
Mesos agent) should be able to access these logs.


> Executor stdout/stderr should not be world-readable
> ---------------------------------------------------
>
>                 Key: MESOS-6027
>                 URL: https://issues.apache.org/jira/browse/MESOS-6027
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Adam B
>              Labels: security
>
> Running a task as 'nobody':
> {code}
> sh -c 'whoami && ls -l && sleep 1001'
> nobody
> -rw-r--r--. 1 nobody nobody 2199 Jul  7 00:12 stderr
> -rw-r--r--. 1 nobody nobody  208 Jul  7 00:12 stdout
> {code}
> As a user of a multi-tenant Mesos, I would expect my task logs to be inaccessible to
other users/tasks on the same node. Filesystem isolation helps from one angle, but basic Linux
filesystem permissions are just good practice.
> There's no reason that any user other than the task user (i.e. the task itself) and root
(e.g. Mesos agent) should be able to access these logs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message