Joe Smith created MESOS-1678:
--------------------------------
Summary: Any framework with credentials can kill any other
framework via http
Key: MESOS-1678
URL: https://issues.apache.org/jira/browse/MESOS-1678
Project: Mesos
Issue Type: Story
Reporter: Joe Smith
Looking through [the review introducing the /shutdown http
endpoint|https://reviews.apache.org/r/22832], it appears that any framework's
credentials can be used to shutdown any other framework:
Around line 650:
{code}
foreach (const Credential& credential, master->credentials.get().http()) {
if (credential.principal() == username &&
(!credential.has_secret() || credential.secret() == password)) {
// TODO(ijimenez) make removeFramework asynchronously
master->removeFramework(framework);
return OK();
}
}
{code}
Thanks to [~adam-mesos], I looked into in [authorization
doc|https://github.com/apache/mesos/blob/master/docs/authorization.md], however
I don't see where the ACL-checking is happening within that code.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
