----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58224/#review176360 -----------------------------------------------------------
Fix it, then Ship it! 3rdparty/libprocess/src/process.cpp Lines 217 (patched) <https://reviews.apache.org/r/58224/#comment249750> Do we allow "1" as the boolean flag value? Maybe let's just say "if set" to avoid confusion about this being a number flag instead of a boolean flag? 3rdparty/libprocess/src/process.cpp Line 955 (original), 970-971 (patched) <https://reviews.apache.org/r/58224/#comment249749> Why change this in this patch? 3rdparty/libprocess/src/process.cpp Lines 2877-2878 (patched) <https://reviews.apache.org/r/58224/#comment249757> How about a CHECK_SOME of request->client? 3rdparty/libprocess/src/process.cpp Lines 2877-2878 (patched) <https://reviews.apache.org/r/58224/#comment249758> Could use some comments here to make it more obvious w.r.t. to address vs ip address: ``` // If the client address is not an IP address (e.g. coming // from a domain socket), we also reject the message. Try<inet::Address> client_ip_address = network::convert<inet::Address>(request->client.get()); ``` - Benjamin Mahler On May 10, 2017, 6:06 p.m., James Peach wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58224/ > ----------------------------------------------------------- > > (Updated May 10, 2017, 6:06 p.m.) > > > Review request for mesos and Benjamin Mahler. > > > Bugs: MESOS-7401 > https://issues.apache.org/jira/browse/MESOS-7401 > > > Repository: mesos > > > Description > ------- > > In general, libprocess is unable to validate that a peer > is a legitimate owner of the UPID it claims in a libprocess > message. This change adds a check that the IP address in the > UPID matches the peer address. This makes spoofing the UPID > harder (eg. to send authenticated messages), but also breaks > some legitimate configurations, particularly on multihomed > hosts. > > > Diffs > ----- > > 3rdparty/libprocess/src/process.cpp > 96ce7dbc486a2f1d55d2238a8a102bf024b12b1c > > > Diff: https://reviews.apache.org/r/58224/diff/11/ > > > Testing > ------- > > make check (Fedora 25). Light manual testing. > > With LIBPROCESS_require_peer_address_ip_match=true, all Mesos tests pass > except ``ExamplesTest.DiskFullFramework``, however enabling this will > definitely break some libprocess APIs (though not in the way that Mesos uses > them) and legitimate multi-homed configurations. Note that setting > LIBPROCESS_ip=127.0.0.1 makes you multihomed for this purpose, which is why > ``ExamplesTest.DiskFullFramework`` breaks. > > > Thanks, > > James Peach > >