[ https://issues.apache.org/jira/browse/MESOS-5588?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15333389#comment-15333389 ]
Alexander Rojas edited comment on MESOS-5588 at 6/16/16 11:55 AM: ------------------------------------------------------------------ After consideration it seems many of use copied and pasted the last message when introducing new ACLs, so once one came with {{optional}} the next pasted one inherited the same attribute accidentally. was (Author: arojas): After consideration it seems many of use copied and pasted the last message when introducing new ACLs, so once one came with {{optional}} the next pasted one inherited accidentally. > Improve error handling when parsing acls. > ----------------------------------------- > > Key: MESOS-5588 > URL: https://issues.apache.org/jira/browse/MESOS-5588 > Project: Mesos > Issue Type: Improvement > Reporter: Joerg Schad > Assignee: Joerg Schad > > During parsing of the authorizer errors are ignored. This can lead to > undetected security issues. > Consider the following acl with an typo (usr instead of user) > {code} > "view_frameworks": [ > { > "principals": { "type": "ANY" }, > "usr": { "type": "NONE" } > } > ] > {code} > When the master is started with these flags it will interprete the acl int he > following way which gives any principal access to any framework. > {noformat} > view_frameworks { > principals { > type: ANY > } > } > {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)