Posted to issues@mesos.apache.org by "Gavin (JIRA)" <ji...@apache.org> on 2019/04/29 09:28:08 UTC

[jira] [Issue Comment Deleted] (MESOS-9349) Prevent ptracing of container management processes.

     [ https://issues.apache.org/jira/browse/MESOS-9349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gavin updated MESOS-9349:
-------------------------
    Comment: was deleted

(was: www.rtat.net)

> Prevent ptracing of container management processes.
> ---------------------------------------------------
>
>                 Key: MESOS-9349
>                 URL: https://issues.apache.org/jira/browse/MESOS-9349
>             Project: Mesos
>          Issue Type: Improvement
>          Components: containerization, security
>            Reporter: James Peach
>            Assignee: James Peach
>            Priority: Minor
>
> The container launcher and the built-in executors are (at least partially) accessible to containerized user tasks. Since these processes may contain secrets or hold privileged resources, we can increase the difficulty of attacking them by preventing user tasks attaching to them with ptrace(2). This amounts to calling `prctl(PR_SET_DUMPABLE, 0)`.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
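
An added example, not part of the original issue or of the Mesos code base: a Linux C sketch of the hardening the description proposes, showing the effect of `prctl(PR_SET_DUMPABLE, 0)` on a ptrace(2) attach from the parent. The function names `harden_against_ptrace` and `try_attach` are hypothetical, and the forked child is only a stand-in for a management process.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Clear the dumpable flag, then read it back. 0 = hardened, -1 = failed. */
int harden_against_ptrace(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) return -1;
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0 ? 0 : -1;
}

/* Fork a stand-in child (hypothetical, not Mesos code) that optionally hardens
 * itself, then try PTRACE_ATTACH from the parent.
 * Returns 0 if the attach succeeded, the errno if refused, -1 on setup error. */
int try_attach(int harden)
{
    int fds[2], status, result;
    char ready = 0;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                          /* child: the would-be target */
        close(fds[0]);
        ready = (!harden || harden_against_ptrace() == 0);
        if (write(fds[1], &ready, 1) == 1)   /* tell the parent the flag is set */
            pause();
        _exit(0);
    }
    close(fds[1]);
    if (read(fds[0], &ready, 1) != 1 || !ready)
        result = -1;
    else
        result = ptrace(PTRACE_ATTACH, pid, NULL, NULL) == 0 ? 0 : errno;
    close(fds[0]);
    kill(pid, SIGKILL);
    do {                                     /* skip the attach stop, reap the exit */
        if (waitpid(pid, &status, 0) < 0) break;
    } while (!WIFEXITED(status) && !WIFSIGNALED(status));
    return result;
}

int main(void)
{
    printf("dumpable: %d, non-dumpable: %d (EPERM=%d)\n", try_attach(0), try_attach(1), EPERM);
    return 0;
}
```

A tracer holding CAP_SYS_PTRACE (typically root) can still attach to a non-dumpable process, so the flag raises the bar for unprivileged tasks only. A normal execve(2) resets the flag to 1, so a process that is exec'd has to set it again afterwards.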