mesos-reviews mailing list archives

From Joseph Wu <jos...@mesosphere.io>
Subject Re: Review Request 70010: Store `logrotate` config in memfd file instead of container's sandbox.
Date Tue, 19 Feb 2019 19:58:03 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70010/#review212924
-----------------------------------------------------------


Ship it!




Your commit message could mention that the configure flag `ENABLE_LAUNCHER_SEALING` is necessary
too (not just Linux), to fix the security hole.


src/slave/container_loggers/logrotate.cpp
Lines 81-88 (patched)
<https://reviews.apache.org/r/70010/#comment298798>

    Just curious, but is it possible to enable memFD creation without the ability to seal?
    The flag we use to guard `memfd.cpp` refers to sealing, but here, we do not provide the
    `MFD_ALLOW_SEALING` option.



src/slave/container_loggers/logrotate.cpp
Lines 96-101 (patched)
<https://reviews.apache.org/r/70010/#comment298799>

    Is there any need to flush this write?  Or do memFDs guarantee the write completes by
    the time this returns?


- Joseph Wu


On Feb. 19, 2019, 9:06 a.m., Andrei Budnik wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70010/
> -----------------------------------------------------------
> 
> (Updated Feb. 19, 2019, 9:06 a.m.)
> 
> 
> Review request for mesos, Gilbert Song, Greg Mann, and Joseph Wu.
> 
> 
> Bugs: MESOS-9564
>     https://issues.apache.org/jira/browse/MESOS-9564
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> Previously, logrotation module stored the `logrotate` configuration
> file in container's sandbox directory, so that it was garbage collected
> together with the container's sandbox. If the container's task had
> permissions to modify this configuration file, it was possible to run
> any command under an unprivileged user. This patch stores `logrotate`
> config in an anonymous temporary file via `memfd`, so logrotation module
> can pass a path to procfs instead of container's sandbox. This approach
> solves the aforementioned security issue on Linux.
> 
> 
> Diffs
> -----
> 
>   src/slave/container_loggers/logrotate.cpp b989de3e4cd3fdc1d8bdccfc83c22c99519eea7b
> 
> 
> Diff: https://reviews.apache.org/r/70010/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Andrei Budnik
> 
>
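
The approach from the description above (config held in a memfd and handed out as a procfs path), together with the sealing and flushing points raised in the review, as an added example that is not Mesos code and not part of the original thread. The sample config, the memfd name, the helper names and the use of `/proc/self/fd` are assumptions made for the demo.

```c
#define _GNU_SOURCE 1 /* exposes syscall() and the F_SEAL_* constants */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/memfd.h>
#ifndef F_ADD_SEALS /* fallback: values from <linux/fcntl.h> */
#define F_ADD_SEALS 1033
#define F_SEAL_SEAL 0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW 0x0004
#define F_SEAL_WRITE 0x0008
#endif
/* Constructed sample config; the log path is a placeholder. */
static const char SAMPLE_CONF[] = "/path/to/stdout {\n  size 10M\n  rotate 9\n}\n";

/* Put conf in an anonymous memfd; if sealable, make it immutable. */
int make_config_fd(const char *conf, int sealable) {
    int seals = F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_SEAL;
    unsigned int flags = MFD_CLOEXEC | (sealable ? MFD_ALLOW_SEALING : 0u);
    int fd = (int)syscall(SYS_memfd_create, "logrotate.conf", flags);
    if (fd < 0) return -1;
    /* write(2) is unbuffered, so there is no user-space buffer to flush. */
    if (write(fd, conf, strlen(conf)) != (ssize_t)strlen(conf) ||
        (sealable && fcntl(fd, F_ADD_SEALS, seals) < 0)) { close(fd); return -1; }
    return fd;
}

/* Re-open the fd through procfs, as a consumer given only a path would. */
ssize_t read_via_procfs(int fd, char *buf, size_t cap) {
    char path[64];
    snprintf(path, sizeof path, "/proc/self/fd/%d", fd);
    int rfd = open(path, O_RDONLY);
    ssize_t n = rfd < 0 ? -1 : read(rfd, buf, cap);
    if (rfd >= 0) close(rfd);
    return n;
}

/* Try to append one byte; returns 0 on success, else errno (EPERM if sealed). */
int try_tamper(int fd) { return write(fd, "x", 1) == 1 ? 0 : errno; }

int main(void) {
    char buf[256];
    int fd = make_config_fd(SAMPLE_CONF, 1);
    ssize_t n = fd < 0 ? -1 : read_via_procfs(fd, buf, sizeof buf);
    printf("read %zd bytes via procfs, tamper errno=%d\n", n, try_tamper(fd));
    return fd < 0;
}
```

A memfd created without `MFD_ALLOW_SEALING` starts with `F_SEAL_SEAL` already set, so a later `F_ADD_SEALS` on it fails with `EPERM` and its contents remain writable through the descriptor.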

