You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 05:44:04 UTC
svn commit: r1077683 - in
/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred:
LinuxTaskController.java TaskController.java
Author: omalley
Date: Fri Mar 4 04:44:04 2011
New Revision: 1077683
URL: http://svn.apache.org/viewvc?rev=1077683&view=rev
Log:
commit b9e954c8cf62cbb6117ef5a97628ab58eb531453
Author: Devaraj Das <dd...@yahoo-inc.com>
Date: Fri Sep 17 00:37:12 2010 -0700
: Fixes task log servlet vulnerabilities via symlinks. Contributed by Todd Lipcon and Devaraj Das.
+++ b/YAHOO-CHANGES.txt
+ : Fixes task log servlet vulnerabilities via symlinks.
+ (Todd Lipcon and Devaraj Das)
+
+ , : Write task initialization to avoid race conditions
+ leading to privilege escalation and resource leakage by performing more acti
+ as the user. Owen O'Malley, Devaraj Das, Chris Douglas
+
Modified:
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java?rev=1077683&r1=1077682&r2=1077683&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java Fri Mar 4 04:44:04 2011
@@ -317,5 +317,10 @@ class LinuxTaskController extends TaskCo
}
}
}
+
+ @Override
+ public String getRunAsUser(JobConf conf) {
+ return conf.getUser();
+ }
}
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java?rev=1077683&r1=1077682&r2=1077683&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java Fri Mar 4 04:44:04 2011
@@ -169,6 +169,13 @@ public abstract class TaskController imp
}
}
}
+
+ /**
+ * Returns the local unix user that a given job will run as.
+ */
+ public String getRunAsUser(JobConf conf) {
+ return System.getProperty("user.name");
+ }
//Write the JVM command line to a file under the specified directory
// Note that the JVM will be launched using a setuid executable, and