You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-issues@hadoop.apache.org by "Allen Wittenauer (JIRA)" <ji...@apache.org> on 2014/07/31 01:53:39 UTC
[jira] [Resolved] (MAPREDUCE-2057) Job Tracker appears to do host
access-control (mapred.hosts, mapred.hosts.exclude) based on presented name
from TaskTracker
[ https://issues.apache.org/jira/browse/MAPREDUCE-2057?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Allen Wittenauer resolved MAPREDUCE-2057.
-----------------------------------------
Resolution: Fixed
I'm going to close this as fixed.
> Job Tracker appears to do host access-control (mapred.hosts, mapred.hosts.exclude) based on presented name from TaskTracker
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-2057
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2057
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: jobtracker
> Affects Versions: 0.20.1
> Environment: Hadoop 0.20.1 - cloudera distribution, multihomed environment.
> Reporter: Matthew Byng-Maddick
>
> As far as I can tell, where the NameNode, in validating the dfs.hosts and dfs.hosts.exclude files uses the source IP address for the RPC connection, the JobTracker appears to use the presented hostname (set via slave.host.name or the standard hostname-search semantics) from the TaskTracker. Obviously this is a security bug as in a production environment it could allow rogue machines to present the hostname of a real TaskTracker and take over that role, but it also turns up as a configuration bug because it means that you can set up a (multi-homed, natch) environment where the same set of files work for the NameNode, but don't for the JobTracker or vice versa - with the same binding hostname for fs.default.name and mapred.job.tracker.
--
This message was sent by Atlassian JIRA
(v6.2#6252)