mesos-reviews mailing list archives

From James Peach <jpe...@apache.org>
Subject Re: Review Request 58224: Optionally verify the source IP address for libprocess messages.
Date Wed, 10 May 2017 18:06:23 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58224/
-----------------------------------------------------------

(Updated May 10, 2017, 6:06 p.m.)


Review request for mesos and Benjamin Mahler.


Bugs: MESOS-7401
    https://issues.apache.org/jira/browse/MESOS-7401


Repository: mesos


Description
-------

In general, libprocess is unable to validate that a peer
is a legitimate owner of the UPID it claims in a libprocess
message. This change adds a check that the IP address in the
UPID matches the peer address. This makes spoofing the UPID
harder (e.g. to send authenticated messages), but also breaks
some legitimate configurations, particularly on multihomed
hosts.


Diffs (updated)
-----

  3rdparty/libprocess/src/process.cpp 96ce7dbc486a2f1d55d2238a8a102bf024b12b1c 


Diff: https://reviews.apache.org/r/58224/diff/8/

Changes: https://reviews.apache.org/r/58224/diff/7-8/


Testing
-------

make check (Fedora 25). Light manual testing.

With LIBPROCESS_require_peer_address_ip_match=true, all Mesos tests pass except ``ExamplesTest.DiskFullFramework``;
however, enabling this will definitely break some libprocess APIs (though not in the way that
Mesos uses them) and legitimate multi-homed configurations. Note that setting LIBPROCESS_ip=127.0.0.1
makes you multihomed for this purpose, which is why ``ExamplesTest.DiskFullFramework`` breaks.


Thanks,

James Peach
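
The comparison the description refers to, as an added example (not code from this review or from libprocess): it assumes the `id@ip:port` UPID form with an IPv4 address, and the function names and sample addresses are constructed for illustration. The third case shows the kind of multihomed rejection the Testing section mentions.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <cstdio>
#include <string>

// Pull the IPv4 address out of a UPID string of the form "id@ip:port".
// Returns false if the string is malformed or the address does not parse.
bool upid_ip(const std::string& upid, in_addr* out) {
  const std::string::size_type at = upid.rfind('@');
  const std::string::size_type colon = upid.rfind(':');
  if (at == std::string::npos || colon == std::string::npos || colon <= at + 1) {
    return false;
  }
  const std::string ip = upid.substr(at + 1, colon - at - 1);
  return inet_pton(AF_INET, ip.c_str(), out) == 1;
}

// Accept a message only when the IP in the sender's claimed UPID equals the
// address of the socket peer. Unparseable input is rejected (fail closed).
bool peer_matches_upid(const std::string& from_upid, const std::string& peer_ip) {
  in_addr claimed, peer;
  if (inet_pton(AF_INET, peer_ip.c_str(), &peer) != 1) return false;
  if (!upid_ip(from_upid, &claimed)) return false;
  return claimed.s_addr == peer.s_addr;
}

int main() {
  // Constructed sample data: {claimed UPID, address the connection came from}.
  const char* cases[][2] = {
    {"master@10.0.0.5:5050", "10.0.0.5"},       // honest peer: accepted
    {"master@10.0.0.5:5050", "10.0.0.99"},      // UPID names another host's IP: rejected
    {"scheduler@127.0.0.1:40000", "10.0.0.7"},  // advertises 127.0.0.1, seen from 10.0.0.7: rejected
  };
  for (const auto& c : cases) {
    std::printf("%-28s from %-10s -> %s\n", c[0], c[1],
                peer_matches_upid(c[0], c[1]) ? "accept" : "reject");
  }
  return 0;
}
```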

