You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "James Peach (JIRA)" <ji...@apache.org> on 2017/04/06 17:01:42 UTC

[jira] [Assigned] (MESOS-7363) Improver master robustness against duplicate UPIDs

     [ https://issues.apache.org/jira/browse/MESOS-7363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Peach reassigned MESOS-7363:
----------------------------------

    Assignee: James Peach

> Improver master robustness against duplicate UPIDs
> --------------------------------------------------
>
>                 Key: MESOS-7363
>                 URL: https://issues.apache.org/jira/browse/MESOS-7363
>             Project: Mesos
>          Issue Type: Bug
>          Components: master
>            Reporter: James Peach
>            Assignee: James Peach
>
> It is possible for a malicious client to send libprocess SUBSCRIBE requests that will trigger the {{!frameworks.principals.contains(...)}} CHECK. This can happen if the client sends a subscribe with a framework ID, then a second subscribe with a different framework ID but the same UPID. The invariant in the master is that a UPID uniquely identifies a given framework. This is violated if we allow multiple frameworks with the same UPID.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)