Posted to issues@mesos.apache.org by "Till Toenshoff (JIRA)" <ji...@apache.org> on 2017/04/18 14:54:42 UTC

[jira] [Commented] (MESOS-7265) Containerizer startup may cause sensitive data to leak into sandbox logs.

    [ https://issues.apache.org/jira/browse/MESOS-7265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15972846#comment-15972846 ] 

Till Toenshoff commented on MESOS-7265:
---------------------------------------

1.1.x:
{noformat}
commit 46ea4cf7451c31fecd186495794be9232a4f0a07
Author: Till Toenshoff <to...@me.com>
Date:   Tue Apr 18 16:44:21 2017 +0200

    Removed containerizer flag logging to prevent leak of sensitive data.

    * backported for 1.1.x *

    Review: https://reviews.apache.org/r/58503/
{noformat}

1.0.x:
{noformat}
commit b4289ab4d603d74447517da4591cb78a65823279
Author: Till Toenshoff <to...@me.com>
Date:   Tue Apr 18 16:41:42 2017 +0200

    Removed containerizer flag logging to prevent leak of sensitive data.

    * backported for 1.0.x *

    Review: https://reviews.apache.org/r/58502/
{noformat}

> Containerizer startup may cause sensitive data to leak into sandbox logs.
> -------------------------------------------------------------------------
>
>                 Key: MESOS-7265
>                 URL: https://issues.apache.org/jira/browse/MESOS-7265
>             Project: Mesos
>          Issue Type: Bug
>          Components: agent, executor
>    Affects Versions: 1.2.0
>            Reporter: Till Toenshoff
>            Assignee: Till Toenshoff
>              Labels: mesosphere
>             Fix For: 1.1.2, 1.2.1, 1.3.0, 1.0.4
>
>
> The task sandbox logging does show the callup for the containerizer launch with all of its flags.
> This is not safe when assuming that we may not want to leak sensitive data into the sandbox logging.
> Example:
> {noformat}
> Received SUBSCRIBED event
> Subscribed executor on lobomacpro2.fritz.box
> Received LAUNCH event
> Starting task test
> /Users/till/Development/mesos-private/build/src/mesos-containerizer launch --help="false" --launch_info="{"command":{"environment":{"variables":[{"name":"key1","type":"VALUE","value":"value1"}]},"shell":true,"value":"sleep 1000"},"environment":{"variables":[{"name":"BIN_SH","type":"VALUE","value":"xpg4"},{"name":"DUALCASE","type":"VALUE","value":"1"},{"name":"DYLD_LIBRARY_PATH","type":"VALUE","value":"\/Users\/till\/Development\/mesos-private\/build\/src\/.libs"},{"name":"LIBPROCESS_PORT","type":"VALUE","value":"0"},{"name":"MESOS_AGENT_ENDPOINT","type":"VALUE","value":"192.168.178.20:5051"},{"name":"MESOS_CHECKPOINT","type":"VALUE","value":"0"},{"name":"MESOS_DIRECTORY","type":"VALUE","value":"\/tmp\/mesos\/slaves\/816619b6-f5ce-42d6-ad6b-2ef2001adc0a-S0\/frameworks\/4c8a82d4-8a5b-47f5-a660-5fef15da71a5-0000\/executors\/test\/runs\/b4bd0251-b42a-4ab3-9f02-60ede75bf3b1"},{"name":"MESOS_EXECUTOR_ID","type":"VALUE","value":"test"},{"name":"MESOS_EXECUTOR_SHUTDOWN_GRACE_PERIOD","type":"VALUE","value":"5secs"},{"name":"MESOS_FRAMEWORK_ID","type":"VALUE","value":"4c8a82d4-8a5b-47f5-a660-5fef15da71a5-0000"},{"name":"MESOS_HTTP_COMMAND_EXECUTOR","type":"VALUE","value":"0"},{"name":"MESOS_SANDBOX","type":"VALUE","value":"\/tmp\/mesos\/slaves\/816619b6-f5ce-42d6-ad6b-2ef2001adc0a-S0\/frameworks\/4c8a82d4-8a5b-47f5-a660-5fef15da71a5-0000\/executors\/test\/runs\/b4bd0251-b42a-4ab3-9f02-60ede75bf3b1"},{"name":"MESOS_SLAVE_ID","type":"VALUE","value":"816619b6-f5ce-42d6-ad6b-2ef2001adc0a-S0"},{"name":"MESOS_SLAVE_PID","type":"VALUE","value":"slave(1)@192.168.178.20:5051"},{"name":"PATH","type":"VALUE","value":"\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin"},{"name":"PWD","type":"VALUE","value":"\/private\/tmp\/mesos\/slaves\/816619b6-f5ce-42d6-ad6b-2ef2001adc0a-S0\/frameworks\/4c8a82d4-8a5b-47f5-a660-5fef15da71a5-0000\/executors\/test\/runs\/b4bd0251-b42a-4ab3-9f02-60ede75bf3b1"},{"name":"SHLVL","type":"VALUE","value":"0"},{"name":"__CF_USER_TEXT_ENCODING","type":"VALUE","value":"0x1F5:0x0:0x0"},{"name":"key1","type":"VALUE","value":"value1"},{"name":"key1","type":"VALUE","value":"value1"}]}}"
> Forked command at 16329
> {noformat}



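An added example, not part of the original message or of the Mesos code base: a small audit script that finds sandbox log lines of the kind quoted in the report and lists which environment variable names they exposed, without echoing the values. The function names, the `/opt/mesos` path and the sample variable names are constructed; it assumes the unescaped `--launch_info="{...}"` layout shown in the report.

```python
import json
import re

MARKER = '--launch_info="'  # flag carrying the JSON in the logged command line
NAME_RE = re.compile(r'"name"\s*:\s*"([^"]+)"')
SAMPLE = [  # constructed lines in the report's format; names and values are made up
    "Received LAUNCH event",
    r'/opt/mesos/mesos-containerizer launch --help="false" --launch_info="{"command":'
    r'{"environment":{"variables":[{"name":"DB_PASSWORD","type":"VALUE","value":"x"}]},'
    r'"shell":true,"value":"sleep 1000"},"environment":{"variables":'
    r'[{"name":"PATH","type":"VALUE","value":"\/usr\/bin"}]}}"',
    r'/opt/mesos/mesos-containerizer launch --launch_info="{"command":{"environment":'
    r'{"variables":[{"name":"API_TOKEN","type":"VALUE","val',  # cut off mid-value
]

def _walk(node, found):
    """Collect variable names from every "environment" object in the JSON."""
    if isinstance(node, dict):
        env = node.get("environment")
        if isinstance(env, dict):
            found.update(v["name"] for v in env.get("variables") or []
                         if isinstance(v, dict) and "name" in v)
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            _walk(child, found)

def exposed_env_names(line):
    """Return (sorted names, complete) for a leaking line, else None."""
    start = line.find(MARKER)
    if start < 0 or "mesos-containerizer" not in line:
        return None
    payload = line[start + len(MARKER):]
    try:
        obj, _ = json.JSONDecoder().raw_decode(payload)
    except json.JSONDecodeError:
        # Truncated or wrapped line: recover names only, by pattern.
        return sorted(set(NAME_RE.findall(payload))), False
    found = set()
    _walk(obj, found)
    return sorted(found), True

def scan(lines):
    """Yield (line_number, names, complete); values are never emitted."""
    for number, line in enumerate(lines, 1):
        hit = exposed_env_names(line)
        if hit is not None:
            yield (number, *hit)

if __name__ == "__main__":
    for number, names, complete in scan(SAMPLE):
        print(number, names, "complete" if complete else "truncated line")
```

Passing an open sandbox `stdout` or `stderr` file to `scan()` gives the list of variable names to review for credential rotation on agents that ran an affected version.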