You are viewing a plain text version of this content. The canonical link for it is here.

Posted to mapreduce-issues@hadoop.apache.org by "Vinod Kumar Vavilapalli (JIRA)" <ji...@apache.org> on 2011/07/29 05:44:09 UTC

[jira] [Created] (MAPREDUCE-2743) [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches

[MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
-----------------------------------------------------------------------------------------------------

                 Key: MAPREDUCE-2743
                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
             Project: Hadoop Map/Reduce
          Issue Type: Bug
          Components: mrv2
            Reporter: Vinod Kumar Vavilapalli
            Assignee: Vinod Kumar Vavilapalli
             Fix For: 0.23.0


ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.

A cache of recent containers on the NM along with container token expiry time should solve this.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (MAPREDUCE-2743) [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches

Posted by "Daryn Sharp (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/MAPREDUCE-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13442501#comment-13442501 ] 

Daryn Sharp commented on MAPREDUCE-2743:
----------------------------------------

(Just for context: although the tokens have an expiration, they don't really expire when the job completes which allows them to be reused until the maximum lifetime expires)
                
> [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
> -----------------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-2743
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: mrv2, nodemanager, security
>    Affects Versions: 0.23.0
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Blocker
>             Fix For: 0.23.0
>
>
> ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.
> A cache of recent containers on the NM along with container token expiry time should solve this.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (MAPREDUCE-2743) [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches

Posted by "Daryn Sharp (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/MAPREDUCE-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13442498#comment-13442498 ] 

Daryn Sharp commented on MAPREDUCE-2743:
----------------------------------------

On YARN-39, you mentioned reopening this jira.  It's not giving me the option, so can you please follow through?
                
> [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
> -----------------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-2743
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: mrv2, nodemanager, security
>    Affects Versions: 0.23.0
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Blocker
>             Fix For: 0.23.0
>
>
> ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.
> A cache of recent containers on the NM along with container token expiry time should solve this.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (MAPREDUCE-2743) [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches

Posted by "Vinod Kumar Vavilapalli (Resolved) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/MAPREDUCE-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vinod Kumar Vavilapalli resolved MAPREDUCE-2743.
------------------------------------------------

    Resolution: Duplicate

I am fixing this as part of MAPREDUCE-3256. One less blocker :)
                
> [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
> -----------------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-2743
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: mrv2, nodemanager, security
>    Affects Versions: 0.23.0
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Blocker
>             Fix For: 0.23.0
>
>
> ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.
> A cache of recent containers on the NM along with container token expiry time should solve this.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (MAPREDUCE-2743) [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches

Posted by "Vinod Kumar Vavilapalli (Updated) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/MAPREDUCE-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vinod Kumar Vavilapalli updated MAPREDUCE-2743:
-----------------------------------------------

          Component/s: security
                       nodemanager
             Priority: Blocker  (was: Major)
    Affects Version/s: 0.23.0
    
> [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
> -----------------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-2743
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: mrv2, nodemanager, security
>    Affects Versions: 0.23.0
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Blocker
>             Fix For: 0.23.0
>
>
> ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.
> A cache of recent containers on the NM along with container token expiry time should solve this.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (MAPREDUCE-2743) [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches

Posted by "Vinod Kumar Vavilapalli (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/MAPREDUCE-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vinod Kumar Vavilapalli updated MAPREDUCE-2743:
-----------------------------------------------

    Issue Type: Bug  (was: Sub-task)
        Parent:     (was: MAPREDUCE-3101)
    
> [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
> -----------------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-2743
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: nodemanager
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Blocker
>
> ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.
> A cache of recent containers on the NM along with container token expiry time should solve this.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (MAPREDUCE-2743) [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches

Posted by "Vinod Kumar Vavilapalli (Updated) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/MAPREDUCE-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vinod Kumar Vavilapalli updated MAPREDUCE-2743:
-----------------------------------------------

    Issue Type: Sub-task  (was: Bug)
        Parent: MAPREDUCE-3101
    
> [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
> -----------------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-2743
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: mrv2
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>             Fix For: 0.23.0
>
>
> ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.
> A cache of recent containers on the NM along with container token expiry time should solve this.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira