You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "James Peach (JIRA)" <ji...@apache.org> on 2017/04/06 17:01:42 UTC
[jira] [Assigned] (MESOS-7363) Improver master robustness against
duplicate UPIDs
[ https://issues.apache.org/jira/browse/MESOS-7363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James Peach reassigned MESOS-7363:
----------------------------------
Assignee: James Peach
> Improver master robustness against duplicate UPIDs
> --------------------------------------------------
>
> Key: MESOS-7363
> URL: https://issues.apache.org/jira/browse/MESOS-7363
> Project: Mesos
> Issue Type: Bug
> Components: master
> Reporter: James Peach
> Assignee: James Peach
>
> It is possible for a malicious client to send libprocess SUBSCRIBE requests that will trigger the {{!frameworks.principals.contains(...)}} CHECK. This can happen if the client sends a subscribe with a framework ID, then a second subscribe with a different framework ID but the same UPID. The invariant in the master is that a UPID uniquely identifies a given framework. This is violated if we allow multiple frameworks with the same UPID.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)