You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Adam B (JIRA)" <ji...@apache.org> on 2016/08/11 07:26:20 UTC

[jira] [Updated] (MESOS-6027) Executor stdout/stderr should not be world-readable

     [ https://issues.apache.org/jira/browse/MESOS-6027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adam B updated MESOS-6027:
--------------------------
    Description: 
Running a task as 'nobody':
{code}
sh -c 'whoami && ls -l && sleep 1001'
nobody
-rw-r--r--. 1 nobody nobody 2199 Jul  7 00:12 stderr
-rw-r--r--. 1 nobody nobody  208 Jul  7 00:12 stdout
{code}

As a user of a multi-tenant Mesos, I would expect my task logs to be inaccessible to other users/tasks on the same node. Filesystem isolation helps from one angle, but basic Linux filesystem permissions are just good practice.

There's no reason that any user other than the task user (i.e. the task itself) and root (e.g. Mesos agent) should be able to access these logs.

  was:
Running a Marathon service as 'nobody':
{code}
sh -c 'whoami && ls -l && sleep 1001'
nobody
-rw-r--r--. 1 nobody nobody 2199 Jul  7 00:12 stderr
-rw-r--r--. 1 nobody nobody  208 Jul  7 00:12 stdout
{code}

As a user of a multi-tenant Mesos, I would expect my task logs to be inaccessible to other users/tasks on the same node. Filesystem isolation helps from one angle, but basic Linux filesystem permissions are just good practice.

There's no reason that any user other than the task user (i.e. the task itself) and root (e.g. Mesos agent) should be able to access these logs.


> Executor stdout/stderr should not be world-readable
> ---------------------------------------------------
>
>                 Key: MESOS-6027
>                 URL: https://issues.apache.org/jira/browse/MESOS-6027
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Adam B
>              Labels: security
>
> Running a task as 'nobody':
> {code}
> sh -c 'whoami && ls -l && sleep 1001'
> nobody
> -rw-r--r--. 1 nobody nobody 2199 Jul  7 00:12 stderr
> -rw-r--r--. 1 nobody nobody  208 Jul  7 00:12 stdout
> {code}
> As a user of a multi-tenant Mesos, I would expect my task logs to be inaccessible to other users/tasks on the same node. Filesystem isolation helps from one angle, but basic Linux filesystem permissions are just good practice.
> There's no reason that any user other than the task user (i.e. the task itself) and root (e.g. Mesos agent) should be able to access these logs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)