hadoop-common-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From omal...@apache.org
Subject svn commit: r1077683 - in /hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred: LinuxTaskController.java TaskController.java
Date Fri, 04 Mar 2011 04:44:04 GMT
Author: omalley
Date: Fri Mar  4 04:44:04 2011
New Revision: 1077683

URL: http://svn.apache.org/viewvc?rev=1077683&view=rev
Log:
commit b9e954c8cf62cbb6117ef5a97628ab58eb531453
Author: Devaraj Das <ddas@yahoo-inc.com>
Date:   Fri Sep 17 00:37:12 2010 -0700

    : Fixes task log servlet vulnerabilities via symlinks. Contributed by Todd Lipcon and
Devaraj Das.
    
    +++ b/YAHOO-CHANGES.txt
    +    : Fixes task log servlet vulnerabilities via symlinks.
    +    (Todd Lipcon and Devaraj Das)
    +
    +    , : Write task initialization to avoid race conditions
    +    leading to privilege escalation and resource leakage by performing more acti
    +    as the user. Owen O'Malley, Devaraj Das, Chris Douglas
    +

Modified:
    hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java
    hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java

Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java?rev=1077683&r1=1077682&r2=1077683&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/LinuxTaskController.java
Fri Mar  4 04:44:04 2011
@@ -317,5 +317,10 @@ class LinuxTaskController extends TaskCo
       }
     }
   }
+
+  @Override
+  public String getRunAsUser(JobConf conf) {
+    return conf.getUser();
+  }
 }
 

Modified: hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java?rev=1077683&r1=1077682&r2=1077683&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java
(original)
+++ hadoop/common/branches/branch-0.20-security-patches/src/mapred/org/apache/hadoop/mapred/TaskController.java
Fri Mar  4 04:44:04 2011
@@ -169,6 +169,13 @@ public abstract class TaskController imp
       }
     }
   }
+  
+   /**
+    * Returns the local unix user that a given job will run as.
+    */
+   public String getRunAsUser(JobConf conf) {
+     return System.getProperty("user.name");
+   }
 
   //Write the JVM command line to a file under the specified directory
   // Note that the JVM will be launched using a setuid executable, and



Mime
View raw message