You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mesos.apache.org by James Peach <jo...@gmail.com> on 2017/11/01 21:28:26 UTC
clearing the executor authentication token from the task environment
Hi all,
In https://issues.apache.org/jira/browse/MESOS-8140, I'm proposing that we clear the MESOS_EXECUTOR_AUTHENTICATION_TOKEN environment variable immediately after consuming it in the built-in executors. This protects it from observation by other tasks in the same PID namespace, however I wanted to verify that no-one currently has a use case that depends on this. Currently, the token is inherited to the environment of tasks running under the command executor (i.e. not to task group tasks).
Eventually we would add a formal API for tasks to access the executor token in MESOS-8018.
thanks,
James
Re: clearing the executor authentication token from the task
environment
Posted by James Peach <jo...@gmail.com>.
> On Nov 1, 2017, at 2:28 PM, James Peach <Jo...@gmail.com> wrote:
>
> Hi all,
>
> In https://issues.apache.org/jira/browse/MESOS-8140, I'm proposing that we clear the MESOS_EXECUTOR_AUTHENTICATION_TOKEN environment variable immediately after consuming it in the built-in executors. This protects it from observation by other tasks in the same PID namespace, however I wanted to verify that no-one currently has a use case that depends on this. Currently, the token is inherited to the environment of tasks running under the command executor (i.e. not to task group tasks).
>
> Eventually we would add a formal API for tasks to access the executor token in MESOS-8018.
Ok, we will be landing this change for Mesos 1.5
thanks,
James
Re: clearing the executor authentication token from the task
environment
Posted by James Peach <jo...@gmail.com>.
> On Nov 1, 2017, at 2:28 PM, James Peach <Jo...@gmail.com> wrote:
>
> Hi all,
>
> In https://issues.apache.org/jira/browse/MESOS-8140, I'm proposing that we clear the MESOS_EXECUTOR_AUTHENTICATION_TOKEN environment variable immediately after consuming it in the built-in executors. This protects it from observation by other tasks in the same PID namespace, however I wanted to verify that no-one currently has a use case that depends on this. Currently, the token is inherited to the environment of tasks running under the command executor (i.e. not to task group tasks).
>
> Eventually we would add a formal API for tasks to access the executor token in MESOS-8018.
Ok, we will be landing this change for Mesos 1.5
thanks,
James