You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@mesos.apache.org by "Benjamin Mahler (JIRA)" <ji...@apache.org> on 2017/05/30 22:40:04 UTC

[jira] [Updated] (MESOS-7401) Optionally reject messages when UPIDs does not match IP.

     [ https://issues.apache.org/jira/browse/MESOS-7401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Benjamin Mahler updated MESOS-7401:
-----------------------------------
    Issue Type: Improvement  (was: Bug)

> Optionally reject messages when UPIDs does not match IP.
> --------------------------------------------------------
>
>                 Key: MESOS-7401
>                 URL: https://issues.apache.org/jira/browse/MESOS-7401
>             Project: Mesos
>          Issue Type: Improvement
>          Components: libprocess
>            Reporter: James Peach
>            Assignee: James Peach
>            Priority: Minor
>             Fix For: 1.4.0
>
>
> {{libprocess}} does no validation of the peer UPID so in some deployments it is trivial to inject bogus messages and impersonate legitimate actors. If we add a check to verify that messages are received from the same IP address as the peer UPID claims to be using, we can increase the difficulty of UPID spoofing, and mitigate this somewhat.
> For compatibility, this has to be an optional setting and disabled by default.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)