Posted to mapreduce-issues@hadoop.apache.org by "Nigel Daley (JIRA)" <ji...@apache.org> on 2011/04/10 03:13:06 UTC

[jira] [Commented] (MAPREDUCE-2178) Race condition in LinuxTaskController permissions handling

    [ https://issues.apache.org/jira/browse/MAPREDUCE-2178?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13018011#comment-13018011 ] 

Nigel Daley commented on MAPREDUCE-2178:
----------------------------------------

Todd and others, what's the plan on this one?  Looks really hairy but clearly important for 0.22.  Lots of other issues dependent or superseded by this one depending on the fix.  As far as I can tell, these issues are dependent and/or superseded:

MAPREDUCE-1100
MAPREDUCE-1716
MAPREDUCE-1991
MAPREDUCE-2265
MAPREDUCE-2268

> Race condition in LinuxTaskController permissions handling
> ----------------------------------------------------------
>
>                 Key: MAPREDUCE-2178
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2178
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security, task-controller
>    Affects Versions: 0.22.0
>            Reporter: Todd Lipcon
>            Priority: Blocker
>             Fix For: 0.22.0
>
>         Attachments: 0001-Amend-MAPREDUCE-2178.-Fix-racy-check-for-config-file.patch, 0002-Amend-MAPREDUCE-2178.-Check-argc-after-checks-for-pe.patch, 0003-Amend-MAPREDUCE-2178.-Check-result-of-chdir.patch, ac-sys-largefile.patch, mapreduce-2178-test-compile-fix.txt, mr-2178-error-on-launch-fail.txt, mr-2178-y20-sortof.patch, racy-config-check-test-changes.txt
>
>
> The linux-task-controller executable currently traverses a directory hierarchy and calls chown/chmod on the files inside. There is a race condition here which can be exploited by an attacker, causing the task-controller to improperly chown an arbitrary target file (via a symlink) to the user running a MR job. This can be exploited to escalate to root.
> [this issue was raised and discussed on the security@ list over the last couple of months]

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
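
Added example, not part of the original JIRA message and not the Hadoop task-controller source: one way to make the per-entry ownership change described in the issue immune to a symlink swap, by opening the entry with O_NOFOLLOW and calling fchown on the descriptor instead of chown on the path. The helper name chown_entry_nofollow and the /tmp sample tree are constructed for illustration, and the caller is assumed to be able to open each entry for reading.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not Hadoop code): give one directory entry to uid/gid
 * without following a symlink. dirfd is an already-open directory, name is a
 * single path component. Returns 0, or -1 with errno set (ELOOP on Linux when
 * name is a symlink). */
int chown_entry_nofollow(int dirfd, const char *name, uid_t uid, gid_t gid)
{
    /* O_NOFOLLOW makes the open fail on a symlink instead of resolving it;
     * O_NONBLOCK keeps a FIFO in the tree from hanging the open. */
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    int rc = fstat(fd, &st);
    if (rc == 0 && !S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode)) {
        errno = EINVAL;               /* device node, FIFO, socket: refuse */
        rc = -1;
    }
    /* fchown acts on the inode behind fd, so replacing the name with a
     * symlink after the open cannot redirect the ownership change. */
    if (rc == 0)
        rc = fchown(fd, uid, gid);
    int saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

int main(void)
{
    char dir[] = "/tmp/chown-demo-XXXXXX";         /* constructed sample tree */
    if (!mkdtemp(dir)) return 1;
    int d = open(dir, O_RDONLY | O_DIRECTORY);
    close(openat(d, "data", O_CREAT | O_WRONLY, 0600));
    if (symlinkat("data", d, "link") != 0) return 1;
    int ok = chown_entry_nofollow(d, "data", geteuid(), getegid());
    int bad = chown_entry_nofollow(d, "link", geteuid(), getegid());
    printf("data: %d, link: %d (ELOOP: %d)\n", ok, bad, errno == ELOOP);
    return 0;
}
```

A recursive walk would apply the same pattern at every level, descending with openat on the directory descriptor it already holds rather than re-resolving a path string.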