You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Till Toenshoff (JIRA)" <ji...@apache.org> on 2017/04/12 18:28:41 UTC

[jira] [Comment Edited] (MESOS-7383) Docker executor logs possibly sensitive parameters.

    [ https://issues.apache.org/jira/browse/MESOS-7383?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15966355#comment-15966355 ] 

Till Toenshoff edited comment on MESOS-7383 at 4/12/17 6:28 PM:
----------------------------------------------------------------

{noformat}
master:
commit 47e04a4fc4b5d3b40616409a26003e9ec4596ec1
Author: Till Toenshoff toenshoff@me.com
Date:   Thu Mar 23 21:33:27 2017 +0100

Fixed flags logging in Docker executor.

Review: https://reviews.apache.org/r/57889/

1.2.x:
commit 12890ba05280e47728db654a4c3a57adb382a831
Author: Till Toenshoff toenshoff@me.com
Date:   Thu Mar 23 21:37:18 2017 +0100

Fixed flags logging in Docker executor.

Review: https://reviews.apache.org/r/57889/

1.1.x:
commit 2f910790f60cde698a1c3a08296d830acad0562a
Author: Till Toenshoff toenshoff@me.com
Date:   Mon Apr 10 23:57:19 2017 +0200

Fixed flags logging in Docker executor.

Review: https://reviews.apache.org/r/57889/

1.0.x:
commit 17ac0240a6136703e5bcac593cc79524a3eda92f
Author: Till Toenshoff toenshoff@me.com
Date:   Mon Apr 10 23:07:01 2017 +0200

Fixed flags logging in Docker executor.

Review: https://reviews.apache.org/r/57889/
{noformat}


was (Author: tillt):
master:
commit 47e04a4fc4b5d3b40616409a26003e9ec4596ec1
Author: Till Toenshoff toenshoff@me.com
Date:   Thu Mar 23 21:33:27 2017 +0100

Fixed flags logging in Docker executor.

Review: https://reviews.apache.org/r/57889/

1.2.x:
commit 12890ba05280e47728db654a4c3a57adb382a831
Author: Till Toenshoff toenshoff@me.com
Date:   Thu Mar 23 21:37:18 2017 +0100

Fixed flags logging in Docker executor.

Review: https://reviews.apache.org/r/57889/

1.1.x:
commit 2f910790f60cde698a1c3a08296d830acad0562a
Author: Till Toenshoff toenshoff@me.com
Date:   Mon Apr 10 23:57:19 2017 +0200

Fixed flags logging in Docker executor.

Review: https://reviews.apache.org/r/57889/

1.0.x:
commit 17ac0240a6136703e5bcac593cc79524a3eda92f
Author: Till Toenshoff toenshoff@me.com
Date:   Mon Apr 10 23:07:01 2017 +0200

Fixed flags logging in Docker executor.

Review: https://reviews.apache.org/r/57889/

> Docker executor logs possibly sensitive parameters.
> ---------------------------------------------------
>
>                 Key: MESOS-7383
>                 URL: https://issues.apache.org/jira/browse/MESOS-7383
>             Project: Mesos
>          Issue Type: Bug
>          Components: agent, executor
>    Affects Versions: 1.0.2, 1.1.0, 1.2.0
>            Reporter: Till Toenshoff
>            Assignee: Till Toenshoff
>              Labels: mesosphere
>             Fix For: 1.1.2, 1.2.1, 1.0.4
>
>
> The Docker executor unconditionally logs possibly sensitive parameters, specifically environment variables, into the sandbox.
> The logging also appears to be done twice. 
> Example:
> {noformat}
> (AT BEGINNING OF FILE)
> --container="mesos-b2343362-5c0f-4cda-b7db-b6696b546623-S12.43e56357-b39b-408a-8d36-91949aeb4d0f" --docker="docker" --docker_socket="/var/run/docker.sock" --help="false" --initialize_driver_logging="true" --launcher_dir="/opt/mesosphere/packages/mesos--53649a30924fc00e80ad339c4fb442bd3d88cd50/libexec/mesos" --logbufsecs="0" --logging_level="INFO" --mapped_directory="/mnt/mesos/sandbox" --quiet="false" --sandbox_directory="/var/lib/mesos/slave/slaves/b2343362-5c0f-4cda-b7db-b6696b546623-S12/frameworks/b2343362-5c0f-4cda-b7db-b6696b546623-0000/executors/system_exporter_marathon.b93da4da-b130-11e6-852f-7e1a61e19da1/runs/43e56357-b39b-408a-8d36-91949aeb4d0f" --stop_timeout="20secs" --task_environment="{"SENSITIVE_ENV_VAR":"top secret value we should never see anywhere"}" 
> --container="mesos-b2343362-5c0f-4cda-b7db-b6696b546623-S12.43e56357-b39b-408a-8d36-91949aeb4d0f" --docker="docker" --docker_socket="/var/run/docker.sock" --help="false" --initialize_driver_logging="true" --launcher_dir="/opt/mesosphere/packages/mesos--53649a30924fc00e80ad339c4fb442bd3d88cd50/libexec/mesos" --logbufsecs="0" --logging_level="INFO" --mapped_directory="/mnt/mesos/sandbox" --quiet="false" --sandbox_directory="/var/lib/mesos/slave/slaves/b2343362-5c0f-4cda-b7db-b6696b546623-S12/frameworks/b2343362-5c0f-4cda-b7db-b6696b546623-0000/executors/system_exporter_marathon.b93da4da-b130-11e6-852f-7e1a61e19da1/runs/43e56357-b39b-408a-8d36-91949aeb4d0f" --stop_timeout="20secs" --task_environment="{"SENSITIVE_ENV_VAR":"top secret value we should never see anywhere"}"
> Registered docker executor on 10.215.129.28
> Starting task system_exporter_marathon.b93da4da-b130-11e6-852f-7e1a61e19da1
> Proxying http://marathon.mesos:8080 on localhost:8080 [DEBUG: 0]
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)