Return-Path: Delivered-To: apmail-hadoop-core-dev-archive@www.apache.org Received: (qmail 35045 invoked from network); 19 Jun 2008 06:04:37 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 19 Jun 2008 06:04:37 -0000 Received: (qmail 65065 invoked by uid 500); 19 Jun 2008 06:04:37 -0000 Delivered-To: apmail-hadoop-core-dev-archive@hadoop.apache.org Received: (qmail 65029 invoked by uid 500); 19 Jun 2008 06:04:37 -0000 Mailing-List: contact core-dev-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: core-dev@hadoop.apache.org Delivered-To: mailing list core-dev@hadoop.apache.org Received: (qmail 65018 invoked by uid 99); 19 Jun 2008 06:04:37 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Jun 2008 23:04:37 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 19 Jun 2008 06:03:56 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 15A91234C147 for ; Wed, 18 Jun 2008 23:03:45 -0700 (PDT) Message-ID: <1833525589.1213855425087.JavaMail.jira@brutus> Date: Wed, 18 Jun 2008 23:03:45 -0700 (PDT) From: "Hemanth Yamijala (JIRA)" To: core-dev@hadoop.apache.org Subject: [jira] Commented: (HADOOP-3578) mapred.system.dir should be accessible only to hadoop daemons In-Reply-To: <1322367835.1213682984936.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/HADOOP-3578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12606252#action_12606252 ] Hemanth Yamijala commented on HADOOP-3578: ------------------------------------------ bq. Only if their names are known. Since the directory cannot be listed except by owner, if random names are used, then others cannot remove them. The names of the job directories start with job_. hadoop dfs -rmr job_* would remove them, right ? I tried it on my directories, and wild card removal of directories seems to be working. So, I am assuming it will work even for the mapred system directories children. > mapred.system.dir should be accessible only to hadoop daemons > -------------------------------------------------------------- > > Key: HADOOP-3578 > URL: https://issues.apache.org/jira/browse/HADOOP-3578 > Project: Hadoop Core > Issue Type: Bug > Components: mapred > Reporter: Amar Kamat > > Currently the jobclient accesses the {{mapred.system.dir}} to add job details. Hence the {{mapred.system.dir}} has the permissions of {{rwx-wx-wx}}. This could be a security loophole where the job files might get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.