mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anindya Sinha (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MESOS-6953) A compromised mesos-Master can execute code as root on agents.
Date Thu, 19 Jan 2017 20:27:26 GMT

    [ https://issues.apache.org/jira/browse/MESOS-6953?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15830550#comment-15830550
] 

Anindya Sinha commented on MESOS-6953:
--------------------------------------

To mitigate this, we can add an optional arg in mesos-agent called `whitelisted-users` which
is a list of users who are authorized to run tasks on the agent.
If this list contains the task user or if this list is empty (or the arg is missing), we allow
the task to be launched on the agent. Otherwise, agent shall not let the task be launched,
and send a `TASK_FAILED` StatusUpdate with a new `Reason` denoting that the user is not authorized
to run the task.

> A compromised mesos-Master can execute code as root on agents.
> --------------------------------------------------------------
>
>                 Key: MESOS-6953
>                 URL: https://issues.apache.org/jira/browse/MESOS-6953
>             Project: Mesos
>          Issue Type: Bug
>          Components: security
>            Reporter: Anindya Sinha
>            Assignee: Anindya Sinha
>              Labels: security, slave
>
> mesos-master has a `--[no-]root_submissions` flag that controls whether frameworks with
`root` user are admitted to the cluster.
> However, if a mesos-master node is compromised, it can attempt to schedule tasks on agent
as the `root` user. Since mesos-agent has no check against tasks running on the agent for
specific users, tasks can get run with `root` privileges can get run within the container
on the agent.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message