[MESOS-8917] Agent leaking file descriptors into forked processes - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.4.3, 1.5.2, 1.6.2, 1.7.0
Component/s: agent, containerization, libprocess, stout
Labels:
- mesosphere

Sprint:
Mesosphere Sprint 2018-20, Mesosphere Sprint 2018-21, Mesosphere Sprint 2018-22, Mesosphere Sprint 2018-23
Story Points:
3

Description

If not all file descriptors are carefully open'ed with O_CLOEXEC the Mesos agent might leak them into forked processes e.g., executors. This presents a potential security issue as such processes can interfere with the agent.

The current approach is to fix all invocations of open to always set O_CLOEXEC, but this approach breaks down when using 3rdparty libraries as there is no reliable way to patch unbundled dependencies.

It seems a more reliable approach would be to close all but a whitelisted set of file descriptors when after fork, but before the exec*. It should be possible to assemble such a whitelist for the typical use cases (e.g., in for the Mesos containerizer's launch) and pass it to a modified functions to start subprocess. We might need to audit uses of raw fork in the code.

Attachments

Issue Links

breaks

MESOS-8913 Resource provider manager registry leaks file descriptors into executors.

Resolved

causes

MESOS-8913 Resource provider manager registry leaks file descriptors into executors.

Resolved

Activity

People

Assignee:: Benjamin Bannier

Reporter:: Benjamin Bannier

Shepherd:: Jie Yu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/May/18 11:51

Updated:: 10/Oct/18 23:57

Resolved:: 25/Jun/18 18:15