Posted to mapreduce-issues@hadoop.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2012/06/12 03:52:43 UTC
[jira] [Commented] (MAPREDUCE-4317) Job view ACL checks are too permissive
[ https://issues.apache.org/jira/browse/MAPREDUCE-4317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13293269#comment-13293269 ]
Hadoop QA commented on MAPREDUCE-4317:
--------------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12531738/MR-4317.patch
against trunk revision .
+1 @author. The patch does not contain any @author tags.
+1 tests included. The patch appears to include 1 new or modified test files.
-1 patch. The patch command could not apply the patch.
Console output: https://builds.apache.org/job/PreCommit-MAPREDUCE-Build/2453//console
This message is automatically generated.
> Job view ACL checks are too permissive
> --------------------------------------
>
> Key: MAPREDUCE-4317
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-4317
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: mrv1
> Affects Versions: 1.0.3
> Reporter: Harsh J
> Assignee: Karthik Kambatla
> Attachments: MR-4317.patch
>
>
> The class that does view-based checks, JSPUtil.JobWithViewAccessCheck, has the following internal member:
> {code}private boolean isViewAllowed = true;{code}
> Note that it's true.
> Now, the method that sets proper view-allowed rights has:
> {code}
> if (user != null && job != null && jt.areACLsEnabled()) {
>   final UserGroupInformation ugi =
>       UserGroupInformation.createRemoteUser(user);
>   try {
>     ugi.doAs(new PrivilegedExceptionAction<Void>() {
>       public Void run() throws IOException, ServletException {
>         // checks job view permission
>         jt.getACLsManager().checkAccess(job, ugi,
>             Operation.VIEW_JOB_DETAILS);
>         return null;
>       }
>     });
>   } catch (AccessControlException e) {
>     String errMsg = "User " + ugi.getShortUserName() +
>         " failed to view " + jobid + "!<br><br>" + e.getMessage() +
>         "<hr><a href=\"jobtracker.jsp\">Go back to JobTracker</a><br>";
>     JSPUtil.setErrorAndForward(errMsg, request, response);
>     myJob.setViewAccess(false);
>   } catch (InterruptedException e) {
>     String errMsg = " Interrupted while trying to access " + jobid +
>         "<hr><a href=\"jobtracker.jsp\">Go back to JobTracker</a><br>";
>     JSPUtil.setErrorAndForward(errMsg, request, response);
>     myJob.setViewAccess(false);
>   }
> }
> // no else branch: when user == null, isViewAllowed keeps its default of true
> return myJob;
> {code}
> In the above snippet, you can notice that if user==null, which can happen if the user is not HTTP-authenticated (as it's got via request.getRemoteUser()), this can lead to the view being visible since the default is true and we didn't toggle the view to false for the user == null case.
> Ideally the default of the view job ACL must be false, or we need an else clause that sets the view rights to false in case of a failure to find the user ID.
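To make the default-allow problem concrete, here is an added, self-contained Java model of the two shapes discussed above. It is not Hadoop code and not the attached MR-4317.patch: ViewAccessCheckDemo, AclsManager and the "only the job owner may view" rule are illustrative stand-ins for JSPUtil.JobWithViewAccessCheck, JobTracker.areACLsEnabled() and ACLsManager.checkAccess(). The vulnerable method keeps the field at true and only flips it inside the guarded branch, so an unauthenticated (null) user is never denied; the hardened method is default-deny and returns true only after the ACL check passes. Treating "ACLs disabled" as allow-all in the hardened version is an assumption that mirrors the original snippet, where the check is skipped entirely when ACLs are off.

```java
// Added example modelling the MAPREDUCE-4317 pattern; hypothetical names, not Hadoop's API.
public class ViewAccessCheckDemo {

    /** Stand-in for Hadoop's AccessControlException (defined locally to keep this file self-contained). */
    static final class AccessControlException extends Exception {
        AccessControlException(String msg) { super(msg); }
    }

    /** Minimal stand-in for ACLsManager.checkAccess(): only the job owner may view the job. */
    static final class AclsManager {
        void checkAccess(String jobOwner, String user) throws AccessControlException {
            if (!jobOwner.equals(user)) {
                throw new AccessControlException("User " + user + " may not view a job owned by " + jobOwner);
            }
        }
    }

    /**
     * Vulnerable shape, as in the issue: the flag defaults to true and is only set to
     * false inside the branch that requires a non-null user. A null (unauthenticated)
     * user never reaches the check and is therefore allowed.
     */
    static boolean vulnerableViewAllowed(String user, String jobOwner, boolean aclsEnabled, AclsManager acls) {
        boolean isViewAllowed = true; // default-allow: this is the bug
        if (user != null && jobOwner != null && aclsEnabled) {
            try {
                acls.checkAccess(jobOwner, user);
            } catch (AccessControlException e) {
                isViewAllowed = false;
            }
        }
        // no else branch, so user == null falls through with isViewAllowed still true
        return isViewAllowed;
    }

    /**
     * Hardened shape: default-deny. Access is granted only after the ACL check
     * succeeds; a missing user or job is an explicit deny rather than a fall-through.
     * (Assumption: with ACLs disabled everyone may view, matching the original code.)
     */
    static boolean hardenedViewAllowed(String user, String jobOwner, boolean aclsEnabled, AclsManager acls) {
        if (!aclsEnabled) {
            return true;
        }
        if (user == null || jobOwner == null) {
            return false; // unauthenticated request or unknown job: deny
        }
        try {
            acls.checkAccess(jobOwner, user);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    /** Fails loudly if an observed decision differs from the intended one. */
    private static void expect(String label, boolean actual, boolean intended) {
        System.out.println(label + ": " + actual);
        if (actual != intended) {
            throw new AssertionError(label + " returned " + actual + ", intended " + intended);
        }
    }

    public static void main(String[] args) {
        AclsManager acls = new AclsManager();
        // Constructed sample inputs: job owned by "alice", ACLs enabled.
        expect("vulnerable, null user",   vulnerableViewAllowed(null,    "alice", true, acls), true);  // the leak
        expect("vulnerable, owner",       vulnerableViewAllowed("alice", "alice", true, acls), true);
        expect("vulnerable, other user",  vulnerableViewAllowed("bob",   "alice", true, acls), false);
        expect("hardened, null user",     hardenedViewAllowed(null,      "alice", true, acls), false);
        expect("hardened, owner",         hardenedViewAllowed("alice",   "alice", true, acls), true);
        expect("hardened, other user",    hardenedViewAllowed("bob",     "alice", true, acls), false);
        expect("hardened, ACLs disabled", hardenedViewAllowed(null,      "alice", false, acls), true);
    }
}
```

Compile and run with javac ViewAccessCheckDemo.java && java ViewAccessCheckDemo. The first case is the one the issue describes: the vulnerable method says "true" for a null user even though ACLs are enabled, while the hardened method denies it. The general lesson is the one the reporter draws: an authorization flag should start from deny and be switched to allow only by a positive check, so that every unhandled path (missing user, missing job, exception) fails closed.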