[ https://issues.apache.org/jira/browse/MESOS-7265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15972846#comment-15972846 ]
Till Toenshoff commented on MESOS-7265: --------------------------------------- 1.1.x: {noformat} commit 46ea4cf7451c31fecd186495794be9232a4f0a07 Author: Till Toenshoff <toensh...@me.com> Date: Tue Apr 18 16:44:21 2017 +0200 Removed containerizer flag logging to prevent leak of sensitive data. * backported for 1.1.x * Review: https://reviews.apache.org/r/58503/ {noformat} 1.0.x: {noformat} commit b4289ab4d603d74447517da4591cb78a65823279 Author: Till Toenshoff <toensh...@me.com> Date: Tue Apr 18 16:41:42 2017 +0200 Removed containerizer flag logging to prevent leak of sensitive data. * backported for 1.0.x * Review: https://reviews.apache.org/r/58502/ {noformat} > Containerizer startup may cause sensitive data to leak into sandbox logs. > ------------------------------------------------------------------------- > > Key: MESOS-7265 > URL: https://issues.apache.org/jira/browse/MESOS-7265 > Project: Mesos > Issue Type: Bug > Components: agent, executor > Affects Versions: 1.2.0 > Reporter: Till Toenshoff > Assignee: Till Toenshoff > Labels: mesosphere > Fix For: 1.1.2, 1.2.1, 1.3.0, 1.0.4 > > > The task sandbox logging does show the callup for the containerizer launch > with all of its flags. > This is not safe when assuming that we may not want to leak sensitive data > into the sandbox logging. > Example: > {noformat} > Received SUBSCRIBED event > Subscribed executor on lobomacpro2.fritz.box > Received LAUNCH event > Starting task test > /Users/till/Development/mesos-private/build/src/mesos-containerizer launch > --help="false" > --launch_info="{"command":{"environment":{"variables":[{"name":"key1","type":"VALUE","value":"value1"}]},"shell":true,"value":"sleep > > 1000"},"environment":{"variables":[{"name":"BIN_SH","type":"VALUE","value":"xpg4"},{"name":"DUALCASE","type":"VALUE","value":"1"},{"name":"DYLD_LIBRARY_PATH","type":"VALUE","value":"\/Users\/till\/Development\/mesos-private\/build\/src\/.libs"},{"name":"LIBPROCESS_PORT","type":"VALUE","value":"0"},{"name":"MESOS_AGENT_ENDPOINT","type":"VALUE","value":"192.168.178.20:5051"},{"name":"MESOS_CHECKPOINT","type":"VALUE","value":"0"},{"name":"MESOS_DIRECTORY","type":"VALUE","value":"\/tmp\/mesos\/slaves\/816619b6-f5ce-42d6-ad6b-2ef2001adc0a-S0\/frameworks\/4c8a82d4-8a5b-47f5-a660-5fef15da71a5-0000\/executors\/test\/runs\/b4bd0251-b42a-4ab3-9f02-60ede75bf3b1"},{"name":"MESOS_EXECUTOR_ID","type":"VALUE","value":"test"},{"name":"MESOS_EXECUTOR_SHUTDOWN_GRACE_PERIOD","type":"VALUE","value":"5secs"},{"name":"MESOS_FRAMEWORK_ID","type":"VALUE","value":"4c8a82d4-8a5b-47f5-a660-5fef15da71a5-0000"},{"name":"MESOS_HTTP_COMMAND_EXECUTOR","type":"VALUE","value":"0"},{"name":"MESOS_SANDBOX","type":"VALUE","value":"\/tmp\/mesos\/slaves\/816619b6-f5ce-42d6-ad6b-2ef2001adc0a-S0\/frameworks\/4c8a82d4-8a5b-47f5-a660-5fef15da71a5-0000\/executors\/test\/runs\/b4bd0251-b42a-4ab3-9f02-60ede75bf3b1"},{"name":"MESOS_SLAVE_ID","type":"VALUE","value":"816619b6-f5ce-42d6-ad6b-2ef2001adc0a-S0"},{"name":"MESOS_SLAVE_PID","type":"VALUE","value":"slave(1)@192.168.178.20:5051"},{"name":"PATH","type":"VALUE","value":"\/usr\/local\/sbin:\/usr\/local\/bin:\/usr\/sbin:\/usr\/bin:\/sbin:\/bin"},{"name":"PWD","type":"VALUE","value":"\/private\/tmp\/mesos\/slaves\/816619b6-f5ce-42d6-ad6b-2ef2001adc0a-S0\/frameworks\/4c8a82d4-8a5b-47f5-a660-5fef15da71a5-0000\/executors\/test\/runs\/b4bd0251-b42a-4ab3-9f02-60ede75bf3b1"},{"name":"SHLVL","type":"VALUE","value":"0"},{"name":"__CF_USER_TEXT_ENCODING","type":"VALUE","value":"0x1F5:0x0:0x0"},{"name":"key1","type":"VALUE","value":"value1"},{"name":"key1","type":"VALUE","value":"value1"}]}}" > Forked command at 16329 > {noformat} -- This message was sent by Atlassian JIRA (v6.3.15#6346)