mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chun-Hung Hsiao (JIRA)" <>
Subject [jira] [Issue Comment Deleted] (MESOS-8917) Agent leaking file descriptors into forked processes
Date Thu, 17 May 2018 01:45:00 GMT


Chun-Hung Hsiao updated MESOS-8917:
    Comment: was deleted

(was: I was wondering that, could this be the root cause of MESOS-8428?
Here is a repro (when running in repetition):

> Agent leaking file descriptors into forked processes
> ----------------------------------------------------
>                 Key: MESOS-8917
>                 URL:
>             Project: Mesos
>          Issue Type: Bug
>          Components: agent, containerization, libprocess, stout
>            Reporter: Benjamin Bannier
>            Assignee: Benjamin Bannier
>            Priority: Major
>              Labels: mesosphere
> If not all file descriptors are carefully {{open}}'ed with {{O_CLOEXEC}} the Mesos agent
might leak them into forked processes e.g., executors. This presents a potential security
issue as such processes can interfere with the agent.
> The current approach is to fix all invocations of {{open}} to always set {{O_CLOEXEC}},
but this approach breaks down when using 3rdparty libraries as there is no reliable way to
patch unbundled dependencies.
> It seems a more reliable approach would be to {{close}} all but a whitelisted set of
file descriptors when after {{fork}}, but before the {{exec*}}. It should be possible to assemble
such a whitelist for the typical use cases (e.g., in for the Mesos containerizer's  {{launch}})
and pass it to a modified functions to start subprocess. We might need to audit uses of raw
{{fork}} in the code.

This message was sent by Atlassian JIRA

View raw message