Posted to issues@mesos.apache.org by "Anindya Sinha (JIRA)" <ji...@apache.org> on 2017/01/19 20:27:26 UTC

[jira] [Commented] (MESOS-6953) A compromised mesos-Master can execute code as root on agents.

    [ https://issues.apache.org/jira/browse/MESOS-6953?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15830550#comment-15830550 ] 

Anindya Sinha commented on MESOS-6953:
--------------------------------------

To mitigate this, we can add an optional arg in mesos-agent called `whitelisted-users` which is a list of users who are authorized to run tasks on the agent.
If this list contains the task user or if this list is empty (or the arg is missing), we allow the task to be launched on the agent. Otherwise, the agent shall not let the task be launched, and shall send a `TASK_FAILED` StatusUpdate with a new `Reason` denoting that the user is not authorized to run the task.

> A compromised mesos-Master can execute code as root on agents.
> --------------------------------------------------------------
>
>                 Key: MESOS-6953
>                 URL: https://issues.apache.org/jira/browse/MESOS-6953
>             Project: Mesos
>          Issue Type: Bug
>          Components: security
>            Reporter: Anindya Sinha
>            Assignee: Anindya Sinha
>              Labels: security, slave
>
> mesos-master has a `--[no-]root_submissions` flag that controls whether frameworks with `root` user are admitted to the cluster.
> However, if a mesos-master node is compromised, it can attempt to schedule tasks on an agent as the `root` user. Since mesos-agent has no check against tasks running on the agent for specific users, tasks can get run with `root` privileges within the container on the agent.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
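
The agent-side check proposed in the comment above, sketched in C++ as an added example (not Mesos source code and not part of the original message). The function names, the `Decision` enum and the comma-separated format of `whitelisted-users` are assumptions made for illustration.

```cpp
#include <set>
#include <sstream>
#include <string>

// Hypothetical names throughout; this is not Mesos source code.
enum class Decision { LAUNCH, FAIL_USER_NOT_WHITELISTED };

// Parse the value of the proposed `whitelisted-users` argument, assumed
// here to be a comma-separated list. An empty string stands for a
// missing argument and yields an empty whitelist.
std::set<std::string> parseWhitelist(const std::string& flag)
{
  std::set<std::string> users;
  std::stringstream in(flag);
  std::string user;
  while (std::getline(in, user, ',')) {
    // Trim surrounding whitespace so "alice, bob" matches "bob".
    const auto first = user.find_first_not_of(" \t");
    if (first == std::string::npos) continue;  // Skip blank entries.
    const auto last = user.find_last_not_of(" \t");
    users.insert(user.substr(first, last - first + 1));
  }
  return users;
}

// Decision taken locally on the agent, without trusting what the master
// sent: an empty whitelist admits every user (as the comment proposes);
// otherwise the task user must be listed.
Decision authorizeTaskUser(
    const std::set<std::string>& whitelist, const std::string& taskUser)
{
  if (whitelist.empty() || whitelist.count(taskUser) > 0) {
    return Decision::LAUNCH;
  }
  // The agent would send TASK_FAILED with the new Reason at this point.
  return Decision::FAIL_USER_NOT_WHITELISTED;
}
```

Because an empty or missing list admits every user, an agent only rejects `root` tasks once an operator sets a non-empty list that omits `root`.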