You are viewing a plain text version of this content. The canonical link for it is here.

Posted to mapreduce-issues@hadoop.apache.org by "Daryn Sharp (JIRA)" <ji...@apache.org> on 2012/05/10 15:37:50 UTC

[jira] [Commented] (MAPREDUCE-2178) Race condition in LinuxTaskController permissions handling

    [ https://issues.apache.org/jira/browse/MAPREDUCE-2178?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13272323#comment-13272323 ] 

Daryn Sharp commented on MAPREDUCE-2178:
----------------------------------------

Would you be willing to please post a patch w/o all the build changes that moved the files?  Even if only for sake of review?  Otherwise it's hard to figure out what actually changed.
                
> Race condition in LinuxTaskController permissions handling
> ----------------------------------------------------------
>
>                 Key: MAPREDUCE-2178
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2178
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security, task-controller
>    Affects Versions: 0.22.0
>            Reporter: Todd Lipcon
>            Assignee: Devaraj Das
>             Fix For: 0.22.1
>
>         Attachments: 0001-Amend-MAPREDUCE-2178.-Fix-racy-check-for-config-file.patch, 0002-Amend-MAPREDUCE-2178.-Check-argc-after-checks-for-pe.patch, 0003-Amend-MAPREDUCE-2178.-Check-result-of-chdir.patch, ac-sys-largefile.patch, mapreduce-2178-test-compile-fix.txt, mr-2178-0.22.txt, mr-2178-error-on-launch-fail.txt, mr-2178-y20-sortof.patch, mr-2178.patch, racy-config-check-test-changes.txt
>
>
> The linux-task-controller executable currently traverses a directory heirarchy and calls chown/chmod on the files inside. There is a race condition here which can be exploited by an attacker, causing the task-controller to improprly chown an arbitrary target file (via a symlink) to the user running a MR job. This can be exploited to escalate to root.
> [this issue was raised and discussed on the security@ list over the last couple of months]

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira