mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Till Toenshoff (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (MESOS-7383) Docker executor logs possibly sensitive parameters.
Date Wed, 12 Apr 2017 18:26:42 GMT

     [ https://issues.apache.org/jira/browse/MESOS-7383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Till Toenshoff reassigned MESOS-7383:
-------------------------------------

    Assignee: Till Toenshoff

> Docker executor logs possibly sensitive parameters.
> ---------------------------------------------------
>
>                 Key: MESOS-7383
>                 URL: https://issues.apache.org/jira/browse/MESOS-7383
>             Project: Mesos
>          Issue Type: Bug
>          Components: agent, executor
>    Affects Versions: 1.0.2, 1.1.0, 1.2.0
>            Reporter: Till Toenshoff
>            Assignee: Till Toenshoff
>              Labels: mesosphere
>
> The Docker executor unconditionally logs possibly sensitive parameters, specifically
environment variables, into the sandbox.
> The logging also appears to be done twice. 
> Example:
> {noformat}
> (AT BEGINNING OF FILE)
> --container="mesos-b2343362-5c0f-4cda-b7db-b6696b546623-S12.43e56357-b39b-408a-8d36-91949aeb4d0f"
--docker="docker" --docker_socket="/var/run/docker.sock" --help="false" --initialize_driver_logging="true"
--launcher_dir="/opt/mesosphere/packages/mesos--53649a30924fc00e80ad339c4fb442bd3d88cd50/libexec/mesos"
--logbufsecs="0" --logging_level="INFO" --mapped_directory="/mnt/mesos/sandbox" --quiet="false"
--sandbox_directory="/var/lib/mesos/slave/slaves/b2343362-5c0f-4cda-b7db-b6696b546623-S12/frameworks/b2343362-5c0f-4cda-b7db-b6696b546623-0000/executors/system_exporter_marathon.b93da4da-b130-11e6-852f-7e1a61e19da1/runs/43e56357-b39b-408a-8d36-91949aeb4d0f"
--stop_timeout="20secs" --task_environment="{"SENSITIVE_ENV_VAR":"top secret value we should
never see anywhere"}" 
> --container="mesos-b2343362-5c0f-4cda-b7db-b6696b546623-S12.43e56357-b39b-408a-8d36-91949aeb4d0f"
--docker="docker" --docker_socket="/var/run/docker.sock" --help="false" --initialize_driver_logging="true"
--launcher_dir="/opt/mesosphere/packages/mesos--53649a30924fc00e80ad339c4fb442bd3d88cd50/libexec/mesos"
--logbufsecs="0" --logging_level="INFO" --mapped_directory="/mnt/mesos/sandbox" --quiet="false"
--sandbox_directory="/var/lib/mesos/slave/slaves/b2343362-5c0f-4cda-b7db-b6696b546623-S12/frameworks/b2343362-5c0f-4cda-b7db-b6696b546623-0000/executors/system_exporter_marathon.b93da4da-b130-11e6-852f-7e1a61e19da1/runs/43e56357-b39b-408a-8d36-91949aeb4d0f"
--stop_timeout="20secs" --task_environment="{"SENSITIVE_ENV_VAR":"top secret value we should
never see anywhere"}"
> Registered docker executor on 10.215.129.28
> Starting task system_exporter_marathon.b93da4da-b130-11e6-852f-7e1a61e19da1
> Proxying http://marathon.mesos:8080 on localhost:8080 [DEBUG: 0]
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message