hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Devaraj Das (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-3578) mapred.system.dir should be accessible only to hadoop daemons
Date Wed, 25 Jun 2008 13:13:45 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-3578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12608031#action_12608031
] 

Devaraj Das commented on HADOOP-3578:
-------------------------------------

The only potential issue with Owen's approach is in the case when the JT is lagging behind
in the move of user's jobdir to under the submit dir (maybe jobs are getting submitted at
a high rate), and the JT crashes, the users have to clean up the respective jobdirs. In the
case where the users write the job stuff to a directory known to the JobTracker, this issue
won't arise.. But granted this issue may not happen that frequently.. 

> mapred.system.dir should be accessible only to hadoop daemons 
> --------------------------------------------------------------
>
>                 Key: HADOOP-3578
>                 URL: https://issues.apache.org/jira/browse/HADOOP-3578
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: mapred
>            Reporter: Amar Kamat
>
> Currently the jobclient accesses the {{mapred.system.dir}} to add job details. Hence
the {{mapred.system.dir}} has the permissions of {{rwx-wx-wx}}. This could be a security loophole
where the job files might get overwritten/tampered after the job submission. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message