mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Rojas <alexan...@mesosphere.io>
Subject Re: Review Request 58224: RFC: Add some consistency checks for libprocess UPIDs.
Date Fri, 07 Apr 2017 12:38:06 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58224/#review171330
-----------------------------------------------------------




3rdparty/libprocess/src/process.cpp
Lines 471-477 (patched)
<https://reviews.apache.org/r/58224/#comment244240>

    I think `SocketSession` or `SocketConnection` are better names for this abstraction, since
it better describes the intention of its usage.



3rdparty/libprocess/src/process.cpp
Lines 841-843 (original), 851-853 (patched)
<https://reviews.apache.org/r/58224/#comment244241>

    For what I saw, every time the `context` is around, it appears with the `socket` itself
and the `decoder`. Why not puting them (the socket and the decoder) inside the context and
let it manage their lifetimes.


- Alexander Rojas


On April 6, 2017, 12:15 a.m., James Peach wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58224/
> -----------------------------------------------------------
> 
> (Updated April 6, 2017, 12:15 a.m.)
> 
> 
> Review request for mesos and Mesos Reviewbot.
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> In general, libprocess is unable to validate that a peer is a legitimate
> owner of the UPID it claims in a libprocess message. This change adds
> 2 checks that make impersonation somewhat harder.
> 
> First, we bind the first UPID to the socket context. This prevents a
> peer attempting to switch UPIDs during a session.
> 
> Second, we enforce that the IP address in the UPID matches the peer
> address. This makes spoofing the UPID harder (eg. to send authenticated
> messages), but also breaks some legitimate configurations, particularly
> on multihomed hosts.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/src/process.cpp d0cba0c2299bddfedeb8bfde5b93aae733a9cd5b 
> 
> 
> Diff: https://reviews.apache.org/r/58224/diff/1/
> 
> 
> Testing
> -------
> 
> Minimal manual testing.
> 
> 
> Thanks,
> 
> James Peach
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message