----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58224/#review173903 -----------------------------------------------------------
Patch looks great! Reviews applied: [58977, 58928, 58224] Passed command: export OS='ubuntu:14.04' BUILDTOOL='autotools' COMPILER='gcc' CONFIGURATION='--verbose' ENVIRONMENT='GLOG_v=1 MESOS_VERBOSE=1'; ./support/docker-build.sh - Mesos Reviewbot On May 4, 2017, 12:31 a.m., James Peach wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58224/ > ----------------------------------------------------------- > > (Updated May 4, 2017, 12:31 a.m.) > > > Review request for mesos and Benjamin Mahler. > > > Bugs: MESOS-7401 > https://issues.apache.org/jira/browse/MESOS-7401 > > > Repository: mesos > > > Description > ------- > > In general, libprocess is unable to validate that a peer > is a legitimate owner of the UPID it claims in a libprocess > message. This change adds a check that the IP address in the > UPID matches the peer address. This makes spoofing the UPID > harder (eg. to send authenticated messages), but also breaks > some legitimate configurations, particularly on multihomed > hosts. > > > Diffs > ----- > > 3rdparty/libprocess/src/process.cpp > f5b666f894215cb1861c244c94b382e0739bc5c9 > > > Diff: https://reviews.apache.org/r/58224/diff/6/ > > > Testing > ------- > > make check (Fedora 25). Light manual testing. > > With LIBPROCESS_require_peer_address_ip_match=true, all Mesos tests pass > except ``ExamplesTest.DiskFullFramework``, however enabling this will > definitely break some libprocess APIs (though not in the way that Mesos uses > them) and legitimate multi-homed configurations. Note that setting > LIBPROCESS_ip=127.0.0.1 makes you multihomed for this purpose, which is why > ``ExamplesTest.DiskFullFramework`` breaks. > > > Thanks, > > James Peach > >
