You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Till Toenshoff (JIRA)" <ji...@apache.org> on 2017/04/12 18:29:41 UTC

[jira] [Updated] (MESOS-7383) Docker executor logs possibly sensitive parameters.

     [ https://issues.apache.org/jira/browse/MESOS-7383?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Till Toenshoff updated MESOS-7383:
----------------------------------
    Affects Version/s:     (was: 1.0.2)
                       1.0.3

> Docker executor logs possibly sensitive parameters.
> ---------------------------------------------------
>
>                 Key: MESOS-7383
>                 URL: https://issues.apache.org/jira/browse/MESOS-7383
>             Project: Mesos
>          Issue Type: Bug
>          Components: agent, executor
>    Affects Versions: 1.0.3, 1.1.0, 1.2.0
>            Reporter: Till Toenshoff
>            Assignee: Till Toenshoff
>              Labels: mesosphere
>             Fix For: 1.1.2, 1.2.1, 1.0.4
>
>
> The Docker executor unconditionally logs possibly sensitive parameters, specifically environment variables, into the sandbox.
> The logging also appears to be done twice. 
> Example:
> {noformat}
> (AT BEGINNING OF FILE)
> --container="mesos-b2343362-5c0f-4cda-b7db-b6696b546623-S12.43e56357-b39b-408a-8d36-91949aeb4d0f" --docker="docker" --docker_socket="/var/run/docker.sock" --help="false" --initialize_driver_logging="true" --launcher_dir="/opt/mesosphere/packages/mesos--53649a30924fc00e80ad339c4fb442bd3d88cd50/libexec/mesos" --logbufsecs="0" --logging_level="INFO" --mapped_directory="/mnt/mesos/sandbox" --quiet="false" --sandbox_directory="/var/lib/mesos/slave/slaves/b2343362-5c0f-4cda-b7db-b6696b546623-S12/frameworks/b2343362-5c0f-4cda-b7db-b6696b546623-0000/executors/system_exporter_marathon.b93da4da-b130-11e6-852f-7e1a61e19da1/runs/43e56357-b39b-408a-8d36-91949aeb4d0f" --stop_timeout="20secs" --task_environment="{"SENSITIVE_ENV_VAR":"top secret value we should never see anywhere"}" 
> --container="mesos-b2343362-5c0f-4cda-b7db-b6696b546623-S12.43e56357-b39b-408a-8d36-91949aeb4d0f" --docker="docker" --docker_socket="/var/run/docker.sock" --help="false" --initialize_driver_logging="true" --launcher_dir="/opt/mesosphere/packages/mesos--53649a30924fc00e80ad339c4fb442bd3d88cd50/libexec/mesos" --logbufsecs="0" --logging_level="INFO" --mapped_directory="/mnt/mesos/sandbox" --quiet="false" --sandbox_directory="/var/lib/mesos/slave/slaves/b2343362-5c0f-4cda-b7db-b6696b546623-S12/frameworks/b2343362-5c0f-4cda-b7db-b6696b546623-0000/executors/system_exporter_marathon.b93da4da-b130-11e6-852f-7e1a61e19da1/runs/43e56357-b39b-408a-8d36-91949aeb4d0f" --stop_timeout="20secs" --task_environment="{"SENSITIVE_ENV_VAR":"top secret value we should never see anywhere"}"
> Registered docker executor on 10.215.129.28
> Starting task system_exporter_marathon.b93da4da-b130-11e6-852f-7e1a61e19da1
> Proxying http://marathon.mesos:8080 on localhost:8080 [DEBUG: 0]
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)