Posted to yarn-dev@hadoop.apache.org by "john lilley (Jira)" <ji...@apache.org> on 2019/11/30 15:25:00 UTC

[jira] [Created] (YARN-10007) YARN logs contain environment variables, which is a security risk

john lilley created YARN-10007:
----------------------------------

             Summary: YARN logs contain environment variables, which is a security risk
                 Key: YARN-10007
                 URL: https://issues.apache.org/jira/browse/YARN-10007
             Project: Hadoop YARN
          Issue Type: Bug
          Components: yarn
            Reporter: john lilley


In most environments it is standard practice to relay "secrets" via environment variables when spawning a process, because the alternatives (command-line args or storing in a file) are insecure.  However, in a YARN application, this also appears to be insecure because the environment is logged.  While YARN has the ability to relay delegation tokens in the launch context, it is unclear how to use this facility for generalized "secrets" that may not conform to security-token structure.  

For example, the RPDM_KEYSTORE_PASSWORDS env var is found in the aggregated YARN logs:

Container: container_e06_1574362398372_0023_01_000001 on node6.xxxxxxxx.com_45454
LogAggregationType: AGGREGATED
============================================================================================
LogType:launch_container.sh
LogLastModifiedTime:Sat Nov 23 14:58:12 -0700 2019
LogLength:4043
LogContents:
#!/bin/bash
set -o pipefail -e
[...]
export HADOOP_YARN_HOME=${HADOOP_YARN_HOME:-"/usr/hdp/2.6.5.1175-1/hadoop-yarn"}
export RPDM_KEYSTORE_PASSWORDS="eyJnZW5lcmFsIjoiZmtQZllubmVLRVo4c1Z0V0REQ3gxaHJzRnVjdVN5b1NBTE9OUTF1dEZpZ1x1MDAzZCJ9"
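
An added example, not code from YARN or from this report: the excerpt above shows that launch_container.sh, including every "export NAME=value" line generated from the container's environment, is copied verbatim into the aggregated log. The script below is a defender-side audit that walks aggregated log text in that shape, picks out exports inside launch_container.sh sections whose variable name suggests a credential, masks the value, and notes when the value is a base64-encoded JSON blob (as RPDM_KEYSTORE_PASSWORDS is). The sample log, the node name and all secret values in it are constructed placeholders; the name patterns and the path heuristic are assumptions chosen for illustration, not a YARN feature.

```python
"""Audit aggregated YARN container logs for secrets exported by launch_container.sh.

Added example, not part of Hadoop YARN or of the Jira report. It reads the
"yarn logs" style text format shown in the report and flags export lines whose
variable name looks like a credential so an operator can find which
applications are pushing secrets through the container environment.
"""
import base64
import json
import re

# Assumed name patterns for credential-like variables (illustrative, not from YARN).
SENSITIVE_NAME = re.compile(
    r"(PASSWORD|PASSWD|SECRET|TOKEN|CREDENTIAL|API_KEY|PRIVATE_KEY)", re.I)
EXPORT_LINE = re.compile(r"^\s*export\s+([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
CONTAINER_LINE = re.compile(r"^Container:\s+(\S+)")
LOGTYPE_LINE = re.compile(r"^LogType:(.+)$")


def _unquote(raw):
    """Strip one layer of matching single or double quotes from a shell value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "\"'":
        return raw[1:-1]
    return raw


def _decode_json_blob(value):
    """Return the parsed object if value is base64 of a JSON object, else None."""
    try:
        obj = json.loads(base64.b64decode(value, validate=True))
    except ValueError:  # binascii.Error, UnicodeDecodeError and JSONDecodeError
        return None
    return obj if isinstance(obj, dict) else None


def mask(value, keep=4):
    """Keep a short prefix for correlation and replace the rest with '*'."""
    if len(value) <= keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - keep)


def iter_launch_exports(log_text):
    """Yield (container, name, value) for export lines in launch_container.sh sections only."""
    container, in_launch = None, False
    for line in log_text.splitlines():
        m = CONTAINER_LINE.match(line)
        if m:
            container, in_launch = m.group(1), False
            continue
        m = LOGTYPE_LINE.match(line)
        if m:
            in_launch = m.group(1).strip() == "launch_container.sh"
            continue
        if not in_launch:
            continue
        m = EXPORT_LINE.match(line)
        if m:
            yield container, m.group(1), _unquote(m.group(2))


def find_leaked_secrets(log_text):
    """Return one finding per credential-like export, with the value masked."""
    findings = []
    for container, name, value in iter_launch_exports(log_text):
        if not SENSITIVE_NAME.search(name):
            continue
        # Heuristic: a filesystem path (e.g. HADOOP_TOKEN_FILE_LOCATION) or a
        # reference to another variable is not itself a secret value.
        if value.startswith("/") or value.startswith("$"):
            continue
        blob = _decode_json_blob(value)
        findings.append({
            "container": container,
            "variable": name,
            "masked_value": mask(value),
            "base64_json_keys": sorted(blob) if blob else None,
        })
    return findings


# Constructed sample in the shape of the report's excerpt; every value is a placeholder.
_BLOB = base64.b64encode(json.dumps({"general": "constructed-placeholder"}).encode()).decode()
SAMPLE_LOG = f"""Container: container_e06_1574362398372_0023_01_000001 on node6.example.com_45454
LogAggregationType: AGGREGATED
============================================================================================
LogType:launch_container.sh
LogLastModifiedTime:Sat Nov 23 14:58:12 -0700 2019
LogLength:4043
LogContents:
#!/bin/bash
set -o pipefail -e
export HADOOP_YARN_HOME=${{HADOOP_YARN_HOME:-"/usr/hdp/2.6.5.1175-1/hadoop-yarn"}}
export HADOOP_TOKEN_FILE_LOCATION="/hadoop/yarn/local/usercache/app/container_tokens"
export RPDM_KEYSTORE_PASSWORDS="{_BLOB}"
export SERVICE_API_TOKEN='constructed-token-value'
export LOG_DIRS="/hadoop/yarn/log/application_0001"
End of LogType:launch_container.sh

LogType:stderr
LogContents:
export DB_PASSWORD=not-a-launch-script-line
"""

if __name__ == "__main__":
    for finding in find_leaked_secrets(SAMPLE_LOG):
        print(finding)
```

Run against the output of "yarn logs -applicationId ..." instead of SAMPLE_LOG to audit a real application; only export lines inside launch_container.sh sections are considered, so a stray "export" in stderr is ignored, and token file paths are skipped because the path, not the token, is what the script exports.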