You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "lujie (Jira)" <ji...@apache.org> on 2022/05/14 07:26:00 UTC
[jira] [Updated] (YARN-11150) sensitive inform may leak due to crash
[ https://issues.apache.org/jira/browse/YARN-11150?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
lujie updated YARN-11150:
-------------------------
Description:
current, we implement
{code:java}
// private FSDataOutputStream createLogFileStream(FileSystem fileSystem,
Path logPathToCreate)
throws IOException {
FSDataOutputStream streamToCreate;
if (!isAppendSupported) {
logPathToCreate =
new Path(logPathToCreate.getParent(),
(logPathToCreate.getName() + "_" + Time.monotonicNow()));
}
if (!fileSystem.exists(logPathToCreate)) {
streamToCreate = fileSystem.create(logPathToCreate, false);
fileSystem.setPermission(logPathToCreate,
new FsPermission(FILE_LOG_PERMISSIONS));
} else {
streamToCreate = fileSystem.append(logPathToCreate);
}
return streamToCreate;
} {code}
but if node crash before setPermission, then the permission of log file will be 755 forever.
code should be like
{code:java}
// private FSDataOutputStream createLogFileStream(FileSystem fileSystem,
Path logPathToCreate)
throws IOException {
FSDataOutputStream streamToCreate;
if (!isAppendSupported) {
logPathToCreate =
new Path(logPathToCreate.getParent(),
(logPathToCreate.getName() + "_" + Time.monotonicNow()));
}
if (!fileSystem.exists(logPathToCreate)) {
streamToCreate = fileSystem.create(logPathToCreate, false);
fileSystem.setPermission(logPathToCreate,
new FsPermission(FILE_LOG_PERMISSIONS));
} else {
streamToCreate = fileSystem.append(logPathToCreate);
}
if (!fileSystem.getStatus(logPathToCreate).getPermission().equals(FILE_LOG_PERMISSIONS)) {
fs.setPermission(dir, FILE_LOG_PERMISSIONS);
}
} {code}
> sensitive inform may leak due to crash
> --------------------------------------
>
> Key: YARN-11150
> URL: https://issues.apache.org/jira/browse/YARN-11150
> Project: Hadoop YARN
> Issue Type: Bug
> Reporter: lujie
> Priority: Major
>
> current, we implement
>
> {code:java}
> // private FSDataOutputStream createLogFileStream(FileSystem fileSystem,
> Path logPathToCreate)
> throws IOException {
> FSDataOutputStream streamToCreate;
> if (!isAppendSupported) {
> logPathToCreate =
> new Path(logPathToCreate.getParent(),
> (logPathToCreate.getName() + "_" + Time.monotonicNow()));
> }
> if (!fileSystem.exists(logPathToCreate)) {
> streamToCreate = fileSystem.create(logPathToCreate, false);
> fileSystem.setPermission(logPathToCreate,
> new FsPermission(FILE_LOG_PERMISSIONS));
> } else {
> streamToCreate = fileSystem.append(logPathToCreate);
> }
> return streamToCreate;
> } {code}
> but if node crash before setPermission, then the permission of log file will be 755 forever.
>
>
> code should be like
>
>
> {code:java}
> // private FSDataOutputStream createLogFileStream(FileSystem fileSystem,
> Path logPathToCreate)
> throws IOException {
> FSDataOutputStream streamToCreate;
> if (!isAppendSupported) {
> logPathToCreate =
> new Path(logPathToCreate.getParent(),
> (logPathToCreate.getName() + "_" + Time.monotonicNow()));
> }
> if (!fileSystem.exists(logPathToCreate)) {
> streamToCreate = fileSystem.create(logPathToCreate, false);
> fileSystem.setPermission(logPathToCreate,
> new FsPermission(FILE_LOG_PERMISSIONS));
> } else {
> streamToCreate = fileSystem.append(logPathToCreate);
> }
> if (!fileSystem.getStatus(logPathToCreate).getPermission().equals(FILE_LOG_PERMISSIONS)) {
> fs.setPermission(dir, FILE_LOG_PERMISSIONS);
> }
> } {code}
>
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org