[
https://issues.apache.org/jira/browse/MESOS-8917?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chun-Hung Hsiao updated MESOS-8917:
-----------------------------------
Comment: was deleted
(was: I was wondering that, could this be the root cause of MESOS-8428?
Here is a repro (when running in repetition):
https://reviews.apache.org/r/65085/)
> Agent leaking file descriptors into forked processes
> ----------------------------------------------------
>
> Key: MESOS-8917
> URL: https://issues.apache.org/jira/browse/MESOS-8917
> Project: Mesos
> Issue Type: Bug
> Components: agent, containerization, libprocess, stout
> Reporter: Benjamin Bannier
> Assignee: Benjamin Bannier
> Priority: Major
> Labels: mesosphere
>
> If not all file descriptors are carefully {{open}}'ed with {{O_CLOEXEC}} the
> Mesos agent might leak them into forked processes e.g., executors. This
> presents a potential security issue as such processes can interfere with the
> agent.
> The current approach is to fix all invocations of {{open}} to always set
> {{O_CLOEXEC}}, but this approach breaks down when using 3rdparty libraries as
> there is no reliable way to patch unbundled dependencies.
> It seems a more reliable approach would be to {{close}} all but a whitelisted
> set of file descriptors when after {{fork}}, but before the {{exec*}}. It
> should be possible to assemble such a whitelist for the typical use cases
> (e.g., in for the Mesos containerizer's {{launch}}) and pass it to a
> modified functions to start subprocess. We might need to audit uses of raw
> {{fork}} in the code.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
