You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-issues@hadoop.apache.org by "Vinod Kumar Vavilapalli (JIRA)" <ji...@apache.org> on 2011/07/29 05:44:09 UTC
[jira] [Created] (MAPREDUCE-2743) [MR-279] [Security] AM should not
be able to abuse container tokens for repetitive container launches
[MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
-----------------------------------------------------------------------------------------------------
Key: MAPREDUCE-2743
URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
Project: Hadoop Map/Reduce
Issue Type: Bug
Components: mrv2
Reporter: Vinod Kumar Vavilapalli
Assignee: Vinod Kumar Vavilapalli
Fix For: 0.23.0
ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.
A cache of recent containers on the NM along with container token expiry time should solve this.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-2743) [MR-279] [Security] AM should
not be able to abuse container tokens for repetitive container launches
Posted by "Daryn Sharp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13442501#comment-13442501 ]
Daryn Sharp commented on MAPREDUCE-2743:
----------------------------------------
(Just for context: although the tokens have an expiration, they don't really expire when the job completes which allows them to be reused until the maximum lifetime expires)
> [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
> -----------------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-2743
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2, nodemanager, security
> Affects Versions: 0.23.0
> Reporter: Vinod Kumar Vavilapalli
> Assignee: Vinod Kumar Vavilapalli
> Priority: Blocker
> Fix For: 0.23.0
>
>
> ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.
> A cache of recent containers on the NM along with container token expiry time should solve this.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (MAPREDUCE-2743) [MR-279] [Security] AM should
not be able to abuse container tokens for repetitive container launches
Posted by "Daryn Sharp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13442498#comment-13442498 ]
Daryn Sharp commented on MAPREDUCE-2743:
----------------------------------------
On YARN-39, you mentioned reopening this jira. It's not giving me the option, so can you please follow through?
> [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
> -----------------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-2743
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2, nodemanager, security
> Affects Versions: 0.23.0
> Reporter: Vinod Kumar Vavilapalli
> Assignee: Vinod Kumar Vavilapalli
> Priority: Blocker
> Fix For: 0.23.0
>
>
> ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.
> A cache of recent containers on the NM along with container token expiry time should solve this.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (MAPREDUCE-2743) [MR-279] [Security] AM should
not be able to abuse container tokens for repetitive container launches
Posted by "Vinod Kumar Vavilapalli (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod Kumar Vavilapalli resolved MAPREDUCE-2743.
------------------------------------------------
Resolution: Duplicate
I am fixing this as part of MAPREDUCE-3256. One less blocker :)
> [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
> -----------------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-2743
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2, nodemanager, security
> Affects Versions: 0.23.0
> Reporter: Vinod Kumar Vavilapalli
> Assignee: Vinod Kumar Vavilapalli
> Priority: Blocker
> Fix For: 0.23.0
>
>
> ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.
> A cache of recent containers on the NM along with container token expiry time should solve this.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-2743) [MR-279] [Security] AM should not
be able to abuse container tokens for repetitive container launches
Posted by "Vinod Kumar Vavilapalli (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod Kumar Vavilapalli updated MAPREDUCE-2743:
-----------------------------------------------
Component/s: security
nodemanager
Priority: Blocker (was: Major)
Affects Version/s: 0.23.0
> [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
> -----------------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-2743
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2, nodemanager, security
> Affects Versions: 0.23.0
> Reporter: Vinod Kumar Vavilapalli
> Assignee: Vinod Kumar Vavilapalli
> Priority: Blocker
> Fix For: 0.23.0
>
>
> ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.
> A cache of recent containers on the NM along with container token expiry time should solve this.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-2743) [MR-279] [Security] AM should not
be able to abuse container tokens for repetitive container launches
Posted by "Vinod Kumar Vavilapalli (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod Kumar Vavilapalli updated MAPREDUCE-2743:
-----------------------------------------------
Issue Type: Bug (was: Sub-task)
Parent: (was: MAPREDUCE-3101)
> [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
> -----------------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-2743
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: nodemanager
> Reporter: Vinod Kumar Vavilapalli
> Assignee: Vinod Kumar Vavilapalli
> Priority: Blocker
>
> ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.
> A cache of recent containers on the NM along with container token expiry time should solve this.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (MAPREDUCE-2743) [MR-279] [Security] AM should not
be able to abuse container tokens for repetitive container launches
Posted by "Vinod Kumar Vavilapalli (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/MAPREDUCE-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinod Kumar Vavilapalli updated MAPREDUCE-2743:
-----------------------------------------------
Issue Type: Sub-task (was: Bug)
Parent: MAPREDUCE-3101
> [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
> -----------------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-2743
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: mrv2
> Reporter: Vinod Kumar Vavilapalli
> Assignee: Vinod Kumar Vavilapalli
> Fix For: 0.23.0
>
>
> ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.
> A cache of recent containers on the NM along with container token expiry time should solve this.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira