Posted to mapreduce-issues@hadoop.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2012/06/05 15:55:26 UTC

[jira] [Commented] (MAPREDUCE-2178) Race condition in LinuxTaskController permissions handling

    [ https://issues.apache.org/jira/browse/MAPREDUCE-2178?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13289425#comment-13289425 ] 

Hudson commented on MAPREDUCE-2178:
-----------------------------------

Integrated in Hadoop-Mapreduce-22-branch #104 (See [https://builds.apache.org/job/Hadoop-Mapreduce-22-branch/104/])
    MAPREDUCE-2178. Race condition in LinuxTaskController permissions handling. Contributed by Todd Lipcon and Benoy Antony. (Revision 1346214)

     Result = SUCCESS
shv : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1346214
Files : 
* /hadoop/common/branches/branch-0.22/mapreduce/CHANGES.txt
* /hadoop/common/branches/branch-0.22/mapreduce/build.xml
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/Makefile.am
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/configuration.c
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/configuration.h
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/configure.ac
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/configuration.c
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/configuration.h
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/main.c
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/task-controller.c
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/task-controller.h
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/task-controller.c
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/task-controller.h
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/test
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/test/test-task-controller.c
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/tests/test-task-controller.c
* /hadoop/common/branches/branch-0.22/mapreduce/src/contrib/streaming/src/java/org/apache/hadoop/streaming/PipeMapRed.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/Child.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/CleanupQueue.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/DefaultTaskController.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/IsolationRunner.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/JobInProgress.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/JobLocalizer.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/JvmManager.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/LinuxTaskController.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/LocalJobRunner.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/MapTask.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/MapTaskRunner.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/ReduceTask.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/ReduceTaskRunner.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/Task.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskController.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskLog.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskMemoryManagerThread.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskRunner.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskTracker.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskUmbilicalProtocol.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/UserLogCleaner.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/JobContext.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/JobSubmissionFiles.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/filecache/DistributedCache.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/filecache/TaskDistributedCacheManager.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/filecache/TrackerDistributedCacheManager.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/lib/chain/ChainMapContextImpl.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/lib/chain/ChainReduceContextImpl.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/lib/map/WrappedMapper.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/lib/reduce/WrappedReducer.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/security/TokenCache.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/server/tasktracker/Localizer.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/task/JobContextImpl.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/util/MRAsyncDiskService.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/util/ProcessTree.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/util/ProcfsBasedProcessTree.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/util/ProcessTree.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/util/ProcfsBasedProcessTree.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/ClusterWithLinuxTaskController.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestDebugScript.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestJobExecutionAsDifferentUser.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestJobKillAndFail.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestJobRetire.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestJvmManager.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestKillSubProcesses.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestLinuxTaskController.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestMapRed.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestMiniMRWithDFS.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestSequenceFileInputFormat.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestTaskCommit.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestTaskTrackerLocalization.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestTaskTrackerMemoryManager.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestTrackerDistributedCacheManagerWithLinuxTaskController.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestUserLogCleanup.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/UtilsForTests.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapreduce/filecache/TestTrackerDistributedCacheManager.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapreduce/util/TestProcfsBasedProcessTree.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/testshell/ExternalMapReduce.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/unit/org/apache/hadoop/mapred/TestTaskTrackerDirectories.java

                
> Race condition in LinuxTaskController permissions handling
> ----------------------------------------------------------
>
>                 Key: MAPREDUCE-2178
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2178
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security, task-controller
>    Affects Versions: 0.22.0
>            Reporter: Todd Lipcon
>            Assignee: Benoy Antony
>             Fix For: 0.22.1
>
>         Attachments: 0001-Amend-MAPREDUCE-2178.-Fix-racy-check-for-config-file.patch, 0002-Amend-MAPREDUCE-2178.-Check-argc-after-checks-for-pe.patch, 0003-Amend-MAPREDUCE-2178.-Check-result-of-chdir.patch, ac-sys-largefile.patch, mapreduce-2178-test-compile-fix.txt, mr-2178-0.22.txt, mr-2178-022.patch, mr-2178-022.patch, mr-2178-022.patch, mr-2178-error-on-launch-fail.txt, mr-2178-y20-sortof.patch, mr-2178.patch, racy-config-check-test-changes.txt
>
>
> The linux-task-controller executable currently traverses a directory hierarchy and calls chown/chmod on the files inside. There is a race condition here which can be exploited by an attacker, causing the task-controller to improperly chown an arbitrary target file (via a symlink) to the user running a MR job. This can be exploited to escalate to root.
> [this issue was raised and discussed on the security@ list over the last couple of months]

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira