Posted to issues@mesos.apache.org by "Yan Xu (JIRA)" <ji...@apache.org> on 2016/07/14 01:04:20 UTC

[jira] [Comment Edited] (MESOS-5845) The fetcher can access any local file as root

    [ https://issues.apache.org/jira/browse/MESOS-5845?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15376112#comment-15376112 ] 

Yan Xu edited comment on MESOS-5845 at 7/14/16 1:04 AM:
--------------------------------------------------------

This is related to MESOS-5218, but we are looking at it from a different angle. Note that the fetcher process writes to the fetcher cache as well, so running it as the task user results in files in the fetcher cache being owned by different task users. (For MESOS-5218 we are running only the decompression part in the fetcher as the task user.) Should the correct solution for this ticket be to have the agent running as a special user (e.g., 'mesos') with sufficient capabilities to do containerization?


was (Author: xujyan):
This is related to MESOS-5218, but we are looking at it from a different angle. Note that the fetcher process writes to the fetcher cache as well, so running it as the task user results in files in the fetcher being owned by different task users. (For MESOS-5218 we are running only the decompression part in the fetcher as the task user.) Should the correct solution for this ticket be to have the agent running as a special user (e.g., 'mesos') with sufficient capabilities to do containerization?

> The fetcher can access any local file as root
> ---------------------------------------------
>
>                 Key: MESOS-5845
>                 URL: https://issues.apache.org/jira/browse/MESOS-5845
>             Project: Mesos
>          Issue Type: Bug
>            Reporter: Greg Mann
>            Assignee: Greg Mann
>              Labels: mesosphere
>
> The Mesos fetcher currently runs as root and does a blind cp+chown of any file:// URI into the task's sandbox, to be owned by the task user. Even if frameworks are restricted from running tasks as root, it seems they can still access root-protected files in this way. We should secure the fetcher so that it has the filesystem permissions of the user its associated task is being run as. One option would be to run the fetcher as the same user that the task will run as.



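The option raised in the issue description (doing the file:// copy with the task user's filesystem permissions rather than root's), sketched in C as an added example; it is not Mesos code. `fetch_file_as_user` and `copy_as_user` are hypothetical names, a POSIX system is assumed, and only the copy into the sandbox is covered, not the fetcher cache writes mentioned in the comment.

```c
/* Added illustration, not Mesos code: copy a local file as the task user. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs in the child: drop to uid/gid, then open and copy. Returns 0 or errno. */
static int copy_as_user(const char *src, const char *dst, uid_t uid, gid_t gid)
{
    /* Order matters: supplementary groups and gid first, uid last. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return errno;
    if (setgid(gid) != 0 || setuid(uid) != 0) return errno;
    /* Fail closed if root could still be regained after the drop. */
    if (uid != 0 && setuid(0) == 0) return EPERM;

    /* From here the kernel enforces the task user's permissions on src. */
    int in = open(src, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (in < 0) return errno;
    /* Created by the task user, so no chown is needed (mode is an assumption). */
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, S_IRUSR | S_IWUSR);
    if (out < 0) return errno;

    char buf[65536];
    ssize_t n;
    while ((n = read(in, buf, sizeof buf)) > 0) {
        for (ssize_t off = 0; off < n; ) {
            ssize_t w = write(out, buf + off, (size_t)(n - off));
            if (w < 0) return errno;
            off += w;
        }
    }
    if (n < 0) return errno;
    return close(out) == 0 ? 0 : errno;
}

/* Parent side (hypothetical entry point): returns 0 on success, else errno. */
int fetch_file_as_user(const char *src, const char *dst, uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0) return errno;
    if (pid == 0) _exit(copy_as_user(src, dst, uid, gid));
    int status;
    if (waitpid(pid, &status, 0) < 0) return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : EIO;
}
```

Because the privilege drop happens in a forked child, the parent keeps its own identity for other work; a source the task user cannot read fails with `EACCES` before anything is written to the sandbox.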