giraph-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eugene Koontz (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GIRAPH-212) Security is busted since GIRAPH-168
Date Tue, 14 Aug 2012 21:27:38 GMT

    [ https://issues.apache.org/jira/browse/GIRAPH-212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13434539#comment-13434539
] 

Eugene Koontz commented on GIRAPH-212:
--------------------------------------

Currently, we have (since GIRAPH-186):

||profile||HADOOP_NON_SECURE||HADOOP_NON_SASL||HADOOP_NON_INTERVERSIONED_RPC||
|hadoop_non_secure|x|x|x|
|hadoop_facebook  |x|x| |
|hadoop_0.20.203  | |x|x|
|hadoop_0.23      | | | |
|hadoop_2.0.0     | | | |
|hadoop_trunk     | | | |


this patch changes the above to:
||profile||HADOOP_NON_SECURE||HADOOP_NON_INTERVERSIONED_RPC||HADOOP_NON_JOBCONTEXT_IS_INTERFACE||HADOOP_1_AUTHORIZE||
|hadoop_non_secure| |x|x|x|
|hadoop_facebook  |x|x| | |
|hadoop_0.23      | | | | |
|hadoop_2.0.0     | | | | |
|hadoop_trunk     | | | | |


Notice that the HADOOP_NON_SASL Munge flag is gone - it made an incorrect distinction between
earlier and later Hadoop versions, which causes the bug described by this JIRA. It is replaced
with the correct distinction using the Munge flags: HADOOP_NON_JOBCONTEXT_IS_INTERFACE and
HADOOP_1_AUTHORIZE. 

Although this seems like a change to make things more complicated by increasing the number
of Munge flags, it makes the correct distinction between Hadoop versions. Newer Hadoops (post-1.0)
remain unaffected by Munge, as they should be.
                
> Security is busted since GIRAPH-168
> -----------------------------------
>
>                 Key: GIRAPH-212
>                 URL: https://issues.apache.org/jira/browse/GIRAPH-212
>             Project: Giraph
>          Issue Type: Bug
>          Components: build
>    Affects Versions: 0.2.0
>            Reporter: Jakob Homan
>            Assignee: Eugene Koontz
>            Priority: Critical
>             Fix For: 0.2.0
>
>         Attachments: core-site.xml, GIRAPH-212.patch, GIRAPH-212.patch, hdfs-site.xml,
mapred-site.xml
>
>
> As reported on the mailing list and verified here on our clusters, something's gone screwy
with Giraph jobs on secure hadoop.  I reverted back before GIRAPH-168 and this goes away,
although I've not found out what it is yet (and may not be 168).  
> RPC clients are trying to open connections with the wrong configuration relative to the
servers.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message