You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-commits@hadoop.apache.org by om...@apache.org on 2011/03/04 05:43:57 UTC
svn commit: r1077682 - in
/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred:
LinuxTaskController.java TaskController.java
Author: omalley
Date: Fri Mar 4 04:43:57 2011
New Revision: 1077682
URL: http://svn.apache.org/viewvc?rev=1077682&view=rev
Log:
commit 0f5e85c7d505a303e3717c7bd4da4ba125322f6d
Author: Chris Douglas <cd...@apache.org>
Date: Thu Sep 16 23:06:32 2010 -0700
, : Write task initialization to avoid race conditions
leading to privilege escalation and resource leakage by performing more actions
as the user. Owen O'Malley, Devaraj Das, Chris Douglas
Modified:
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java
hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java?rev=1077682&r1=1077681&r2=1077682&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java Fri Mar 4 04:43:57 2011
@@ -172,6 +172,33 @@ class LinuxTaskController extends TaskCo
LOG.debug("initializeJob: " + Arrays.toString(commandArray));
}
try {
+ FileSystem rawFs = FileSystem.getLocal(getConf()).getRaw();
+ long logSize = 0; //TODO, Ref BUG:2854624
+ // get the JVM command line.
+ String cmdLine =
+ TaskLog.buildCommandLine(setup, jvmArguments,
+ new File(stdout), new File(stderr), logSize, true);
+
+ // write the command to a file in the
+ // task specific cache directory
+ Path p = new Path(allocator.getLocalPathForWrite(
+ TaskTracker.getPrivateDirTaskScriptLocation(user, jobId, attemptId),
+ getConf()), COMMAND_FILE);
+ String commandFile = writeCommand(cmdLine, rawFs, p);
+
+ String[] command =
+ new String[]{taskControllerExe,
+ user,
+ Integer.toString(Commands.LAUNCH_TASK_JVM.getValue()),
+ jobId,
+ attemptId,
+ currentWorkDirectory.toString(),
+ commandFile};
+ shExec = new ShellCommandExecutor(command);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("launchTask: " + Arrays.toString(command));
+ }
shExec.execute();
if (LOG.isDebugEnabled()) {
logOutput(shExec.getOutput());
@@ -290,10 +317,5 @@ class LinuxTaskController extends TaskCo
}
}
}
-
- @Override
- public String getRunAsUser(JobConf conf) {
- return conf.getUser();
- }
}
Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java?rev=1077682&r1=1077681&r2=1077682&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java (original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java Fri Mar 4 04:43:57 2011
@@ -169,13 +169,6 @@ public abstract class TaskController imp
}
}
}
-
- /**
- * Returns the local unix user that a given job will run as.
- */
- public String getRunAsUser(JobConf conf) {
- return System.getProperty("user.name");
- }
//Write the JVM command line to a file under the specified directory
// Note that the JVM will be launched using a setuid executable, and