You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-issues@hadoop.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2011/05/28 01:25:47 UTC
[jira] [Updated] (MAPREDUCE-2178) Race condition in
LinuxTaskController permissions handling
[ https://issues.apache.org/jira/browse/MAPREDUCE-2178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Todd Lipcon updated MAPREDUCE-2178:
-----------------------------------
Attachment: mr-2178-0.22.txt
Since this hasn't made any progress, I took the patch from yahoo-merge and cherry-picked it onto branch-0.22 and did a preliminary resolve of conflicts. Needs more work/testing before commit (haven't even tried to compile the linux task controller, had to comment out some test cases, etc).
> Race condition in LinuxTaskController permissions handling
> ----------------------------------------------------------
>
> Key: MAPREDUCE-2178
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2178
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: security, task-controller
> Affects Versions: 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
> Fix For: 0.22.0
>
> Attachments: 0001-Amend-MAPREDUCE-2178.-Fix-racy-check-for-config-file.patch, 0002-Amend-MAPREDUCE-2178.-Check-argc-after-checks-for-pe.patch, 0003-Amend-MAPREDUCE-2178.-Check-result-of-chdir.patch, ac-sys-largefile.patch, mapreduce-2178-test-compile-fix.txt, mr-2178-0.22.txt, mr-2178-error-on-launch-fail.txt, mr-2178-y20-sortof.patch, racy-config-check-test-changes.txt
>
>
> The linux-task-controller executable currently traverses a directory heirarchy and calls chown/chmod on the files inside. There is a race condition here which can be exploited by an attacker, causing the task-controller to improprly chown an arbitrary target file (via a symlink) to the user running a MR job. This can be exploited to escalate to root.
> [this issue was raised and discussed on the security@ list over the last couple of months]
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira