Posted to common-dev@hadoop.apache.org by "Owen O'Malley (JIRA)" <ji...@apache.org> on 2009/06/16 22:47:07 UTC

[jira] Created: (HADOOP-6058) The TaskTracker's shell environment should not be passed to the children.

The TaskTracker's shell environment should not be passed to the children.
-------------------------------------------------------------------------

                 Key: HADOOP-6058
                 URL: https://issues.apache.org/jira/browse/HADOOP-6058
             Project: Hadoop Core
          Issue Type: Bug
          Components: mapred
            Reporter: Owen O'Malley
            Priority: Critical
             Fix For: 0.21.0


HADOOP-2838 and HADOOP-5981 added support to make the TaskTracker's shell environment available to the tasks. This has two problems:
  1. It makes the task tracker's environment part of the interface to the task, which is fairly brittle.
  2. Security code typically only passes along whitelisted environment variables instead of everything to prevent accidental leakage from the administrator's account.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Commented: (HADOOP-6058) The TaskTracker's shell environment should not be passed to the children.

Posted by "Amar Kamat (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12721126#action_12721126 ] 

Amar Kamat commented on HADOOP-6058:
------------------------------------

Something similar is done today. For LD_LIBRARY_PATH, we prepend the pwd value (work dir) and pass it to the child env. Putting LD_LIBRARY_PATH in the whitelisted set makes sense now. Wondering if LD_LIBRARY_PATH=$PWD:$LD_LIBRARY_PATH also makes sense and helps us keep it simple and generic. Thoughts?



[jira] Commented: (HADOOP-6058) The TaskTracker's shell environment should not be passed to the children.

Posted by "Devaraj Das (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/HADOOP-6058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12720501#action_12720501 ] 

Devaraj Das commented on HADOOP-6058:
-------------------------------------

So this feature (or bug) to do with the whole of TaskTracker's env being passed to the child has always been there. The fix to this issue (after an offline discussion with Owen) is:
1) Determine what env vars can be whitelisted
2) Disable variable substitution for the non-whitelisted ones and only do a pass-through (if the user passes them via -Dmapred.child.env)

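The two-step fix outlined in the comment above (whitelist what the child inherits, and do not expand references to anything else), as an added sketch that is not Hadoop's code or the eventual patch. The whitelist contents, the comma-separated NAME=VALUE form assumed for mapred.child.env, the reading of "pass-through" as leaving non-whitelisted $NAME references unexpanded, and all class and method names are assumptions made for illustration.

```java
import java.util.*;
import java.util.regex.*;
public class ChildEnvSketch {
    // Assumed whitelist; the thread leaves the real set to be determined.
    static final Set<String> WHITELIST = Set.of("LD_LIBRARY_PATH", "PATH", "JAVA_HOME");
    static final Pattern REF = Pattern.compile("\\$([A-Za-z_][A-Za-z0-9_]*)");
    /** Build the child's environment from scratch instead of inheriting the parent's. */
    static Map<String, String> buildChildEnv(Map<String, String> parentEnv, String childEnvSpec) {
        Map<String, String> child = new TreeMap<>();
        // 1) Only whitelisted variables are copied from the parent.
        for (String name : WHITELIST) {
            String v = parentEnv.get(name);
            if (v != null) child.put(name, v);
        }
        // 2) User-supplied NAME=VALUE pairs (assumed comma-separated).
        if (childEnvSpec == null || childEnvSpec.isEmpty()) return child;
        for (String pair : childEnvSpec.split(",")) {
            int eq = pair.indexOf('=');
            if (eq <= 0) continue; // skip malformed entries
            String name = pair.substring(0, eq).trim();
            child.put(name, expandWhitelistedOnly(pair.substring(eq + 1), parentEnv));
        }
        return child;
    }

    /** Expand $NAME only for whitelisted names; any other reference stays literal. */
    static String expandWhitelistedOnly(String value, Map<String, String> parentEnv) {
        Matcher m = REF.matcher(value);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String ref = m.group(1);
            String repl = WHITELIST.contains(ref) ? parentEnv.getOrDefault(ref, "") : m.group(0);
            m.appendReplacement(out, Matcher.quoteReplacement(repl));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed parent environment standing in for the TaskTracker's shell.
        Map<String, String> parent = Map.of("LD_LIBRARY_PATH", "/opt/native",
                "PATH", "/usr/bin", "ADMIN_DB_PASSWORD", "s3cret");
        Map<String, String> env = buildChildEnv(parent,
                "LD_LIBRARY_PATH=/work:$LD_LIBRARY_PATH,LEAK=$ADMIN_DB_PASSWORD");
        ProcessBuilder pb = new ProcessBuilder("env");
        pb.environment().clear();      // drop everything inherited from this JVM
        pb.environment().putAll(env);  // pb.start() would launch with only these
        System.out.println(pb.environment());
    }
}
```

The call to `pb.environment().clear()` is the step that matters: ProcessBuilder starts from a copy of the current process environment, so without it every parent variable reaches the child regardless of the whitelist.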