You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-issues@hadoop.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2010/08/03 04:24:17 UTC
[jira] Created: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
taskcontroller allows stealing permissions on any local file
------------------------------------------------------------
Key: MAPREDUCE-1991
URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
Project: Hadoop Map/Reduce
Issue Type: Bug
Components: task-controller
Affects Versions: 0.21.0, 0.22.0
Reporter: Todd Lipcon
Priority: Blocker
The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Vinod K V (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12895982#action_12895982 ]
Vinod K V commented on MAPREDUCE-1991:
--------------------------------------
bq. Is someone already working on a patch to remove the -l option, or should I grab this jira?
Please take this up, Todd. I can help with review/commit. Thanks!
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Ravi Gummadi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12902753#action_12902753 ]
Ravi Gummadi commented on MAPREDUCE-1991:
-----------------------------------------
Patch looks good to me.
+1
Would you please run linux task controller tests with (a) tasktracker_user and (b) other_user ?
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.22.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Blocker
> Attachments: mapreduce-1991-v2.txt, mapreduce-1991.txt
>
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12895459#action_12895459 ]
Todd Lipcon commented on MAPREDUCE-1991:
----------------------------------------
Filed MAPREDUCE-1994 for fixing the way it determines its own path.
Is someone already working on a patch to remove the -l option, or should I grab this jira?
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Ravi Gummadi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12896463#action_12896463 ]
Ravi Gummadi commented on MAPREDUCE-1991:
-----------------------------------------
display_usage( ) function has "Usage: task-controller [-l logfile] user command command-args". Would you please remove [-l logfile] here also ?
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Blocker
> Attachments: mapreduce-1991.txt
>
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12894796#action_12894796 ]
Todd Lipcon commented on MAPREDUCE-1991:
----------------------------------------
(note this is only possible in the case where the task-controller has been misconfigured so that a local user can run it - but still worth fixing imo)
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Vinod K V (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12895136#action_12895136 ]
Vinod K V commented on MAPREDUCE-1991:
--------------------------------------
bq. The -l option is to enable logging in the taskcontroller. AFAIK, we have never really used this. Should we knock it out ?
A big +1. Note that we do depend on the fact that the output is piped into TaskTracker JVM and eventually into the TaskTracker's logs. So we should retain the logging to stdout/stderr but just knock out the command line option.
bq. We also have to fix the checks on permissions - it currently uses argv[0] which is spoofable. Calling stat on /proc/self/exe is going to be more secure (and we've already used Linux-specific code elsewhere in the task controller)
Can you please file a new ticket?
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Ravi Gummadi (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12903248#action_12903248 ]
Ravi Gummadi commented on MAPREDUCE-1991:
-----------------------------------------
I meant the following for the following 8 linux task controller based tests:
TestLocalizationWithLinuxTaskController
TestTrackerDistributedCacheManagerWithLinuxTaskController
TestJobExecutionAsDifferentUser
TestStreamingAsDifferentUser
TestPipesAsDifferentUser
TestDebugSciptWithLinuxTaskController
TestKillSubProcessesWithLinuxTaskController
TestLinuxTaskController
Sample test run as tasktracker_user(Jobs in the test are run as same user as the user who started the tasktracker):
user1$ ant test -Dtaskcontroller-path=<Path_Of_Directory_In_which_taskController_Is_setup> -Dtaskcontroller-ugi=user1,group_of_user1 -Dtest.output=yes -Dtestcase=TestLocalizationWithLinuxTaskController
Sample test run as other_user(Jobs in the test are run as different user than the user who started the tasktracker):
user1$ ant test -Dtaskcontroller-path=<Path_Of_Directory_In_which_taskController_Is_setup> -Dtaskcontroller-ugi=other_user,group_of_other_user -Dtest.output=yes -Dtestcase=TestLocalizationWithLinuxTaskController
<Path_Of_Directory_In_which_taskController_Is_setup> is the directory under which task-controller executable exists and its owner and group are set to root:tt_special_group and permissions are set to rwsr-s---. Here, tt_special_group is the group in which task tracker user is the only member(The user who is running the above ant commands is task tracker user).
other_user,group_of_other_user can be nobody,nobody(which mostly exist on all linux machines).
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.22.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Blocker
> Attachments: mapreduce-1991-v2.txt, mapreduce-1991.txt
>
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Todd Lipcon reassigned MAPREDUCE-1991:
--------------------------------------
Assignee: Todd Lipcon
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Blocker
> Attachments: mapreduce-1991.txt
>
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12894791#action_12894791 ]
Todd Lipcon commented on MAPREDUCE-1991:
----------------------------------------
{noformat}
[todd@monster01 hadoop]$ cat /tmp/secretfile
cat: /tmp/secretfile: Permission denied
[todd@monster01 hadoop]$ ls -l /tmp/secretfile
-rw------- 1 philip todd 3 Aug 2 19:19 /tmp/secretfile
[todd@monster01 hadoop]$ ./build/hadoop-0.20.2-CDH3b2-SNAPSHOT/bin/task-controller -l /tmp/secretfile
[todd@monster01 hadoop]$ ls -l /tmp/secretfile
-rwxrw-rw- 1 philip todd 190 Aug 2 19:19 /tmp/secretfile
[todd@monster01 hadoop]$ cat /tmp/secretfile
hi
Invalid configuration provided
mapreduce.tasktracker.group is not configured.
Group of the binary does not match with that in configuration
Invalid permissions on task-controller binary.
[todd@monster01 hadoop]$
{noformat}
This allows a malicious user to steal a local keytab, read /etc/shadow, corrupt binaries by appending junk, etc.
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12894824#action_12894824 ]
Todd Lipcon commented on MAPREDUCE-1991:
----------------------------------------
Yea, I think switching the order of the checks should be good enough. Or if it's not used, let's get rid of it - this code is scary since it's mostly running as root, so the simpler we can make it, the better!
If it's still useful, could we open the log file as the tasktracker user instead of as root? We can always setuid down to the mapred user, then setuid back up to root when we need it.
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12894967#action_12894967 ]
Todd Lipcon commented on MAPREDUCE-1991:
----------------------------------------
We also have to fix the checks on permissions - it currently uses argv[0] which is spoofable. Calling stat on /proc/self/exe is going to be more secure (and we've already used Linux-specific code elsewhere in the task controller)
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12894793#action_12894793 ]
Todd Lipcon commented on MAPREDUCE-1991:
----------------------------------------
Oh wait, I misread the permissions. It actually gets chmodded a+w, meaning a malicious user can trivially escalate to root by editing /etc/shadow or other system wide configurations.
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12894985#action_12894985 ]
Allen Wittenauer commented on MAPREDUCE-1991:
---------------------------------------------
Or do we want to #ifdef this? [getexecname() under Solaris]
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Allen Wittenauer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12894977#action_12894977 ]
Allen Wittenauer commented on MAPREDUCE-1991:
---------------------------------------------
Should this get renamed linux-task-controller or be a wrapper to sbin where linux-task-controller lives? This way we can make it pluggable for other OSes...
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12895005#action_12895005 ]
Todd Lipcon commented on MAPREDUCE-1991:
----------------------------------------
The java side implementation is already called LinuxTaskController and is pluggable. I'm not against ifdeffing the different implementations, but I think there are some other Linux peculiarities in the code already (eg canonicalize_file_name is GNU specific).
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12902966#action_12902966 ]
Todd Lipcon commented on MAPREDUCE-1991:
----------------------------------------
I'm not sure what you mean about running the task controller tests as another user. "ant test-task-controller" passes just fine as my normal user without even a setuid. Are you referring to a different test process?
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.22.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Blocker
> Attachments: mapreduce-1991-v2.txt, mapreduce-1991.txt
>
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Todd Lipcon updated MAPREDUCE-1991:
-----------------------------------
Attachment: mapreduce-1991-v2.txt
Good catch. New patch fixes display_usage
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Blocker
> Attachments: mapreduce-1991-v2.txt, mapreduce-1991.txt
>
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Todd Lipcon updated MAPREDUCE-1991:
-----------------------------------
Attachment: mapreduce-1991.txt
Here ya go - replaced LOG_FILE with stderr throughout, and removed the option parsing code.
Unfortunately I wasn't able to really test this patch in a cluster, since I don't have a secure cluster setup based on trunk, but ant test-task-controller works.
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
> Attachments: mapreduce-1991.txt
>
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Hemanth Yamijala (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12894820#action_12894820 ]
Hemanth Yamijala commented on MAPREDUCE-1991:
---------------------------------------------
The -l option is to enable logging in the taskcontroller. AFAIK, we have never really used this. Should we knock it out ? Otherwise, moving the check for taskcontroller permissions before the opening of the log file will possibly fix this issue. Note that we do protect against some misconfiguration already. It just happens after the log file option is processed.
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-1991) taskcontroller allows stealing
permissions on any local file
Posted by "Todd Lipcon (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Todd Lipcon updated MAPREDUCE-1991:
-----------------------------------
Status: Patch Available (was: Open)
Affects Version/s: (was: 0.21.0)
Forgot to mark patch available. Vinod/Ravi, mind taking a look when you get a chance?
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.22.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Blocker
> Attachments: mapreduce-1991-v2.txt, mapreduce-1991.txt
>
>
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.