[MESOS-1081] Master should not deactivate authenticated framework/slave on new AuthenticateMessage unless new authentication succeeds. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.21.0
Component/s: master
Labels:

Sprint:
Mesos Q3 Sprint 5, Mesos Q3 Sprint 6
Story Points:
1

Description

Master should not deactivate an authenticated framework/slave upon receiving a new AuthenticateMessage unless new authentication succeeds. As it stands now, a malicious user could spoof the pid of an authenticated framework/slave and send an AuthenticateMessage to knock a valid framework/slave off the authenticated list, forcing the valid framework/slave to re-authenticate and re-register. This could be used in a DoS attack.
But how should we handle the scenario when the actual authenticated framework/slave sends an AuthenticateMessage that fails authentication?

Attachments

Activity

People

Assignee:: Vinod Kone

Reporter:: Adam B

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11/Mar/14 21:48

Updated:: 25/Sep/14 20:55

Resolved:: 25/Sep/14 20:55