[jira] [Updated] (MESOS-7401) Optionally reject messages when UPIDs does not match IP.

Benjamin Mahler (JIRA) Wed, 26 Apr 2017 17:38:57 -0700

     [ 
https://issues.apache.org/jira/browse/MESOS-7401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Benjamin Mahler updated MESOS-7401:
-----------------------------------
    Summary: Optionally reject messages when UPIDs does not match IP.  (was: 
Optionally pin UPIDs to their IP address.)

> Optionally reject messages when UPIDs does not match IP.
> --------------------------------------------------------
>
>                 Key: MESOS-7401
>                 URL: https://issues.apache.org/jira/browse/MESOS-7401
>             Project: Mesos
>          Issue Type: Bug
>          Components: libprocess
>            Reporter: James Peach
>            Assignee: James Peach
>            Priority: Minor
>
> {{libprocess}} does no validation of the peer UPID so in some deployments it 
> is trivial to inject bogus messages and impersonate legitimate actors. If we 
> add a check to verify that messages are received from the same IP address as 
> the peer UPID claims to be using, we can increase the difficulty of UPID 
> spoofing, and mitigate this somewhat.
> For compatibility, this has to be an optional setting and disabled by default.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (MESOS-7401) Optionally reject messages when UPIDs does not match IP.

Reply via email to