Return-Path: Delivered-To: apmail-hadoop-core-dev-archive@www.apache.org Received: (qmail 95864 invoked from network); 18 Jun 2008 06:53:11 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 18 Jun 2008 06:53:11 -0000 Received: (qmail 61405 invoked by uid 500); 18 Jun 2008 06:53:08 -0000 Delivered-To: apmail-hadoop-core-dev-archive@hadoop.apache.org Received: (qmail 61388 invoked by uid 500); 18 Jun 2008 06:53:08 -0000 Mailing-List: contact core-dev-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: core-dev@hadoop.apache.org Delivered-To: mailing list core-dev@hadoop.apache.org Received: (qmail 61374 invoked by uid 99); 18 Jun 2008 06:53:08 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Jun 2008 23:53:08 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Jun 2008 06:52:26 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 1C322234C143 for ; Tue, 17 Jun 2008 23:52:45 -0700 (PDT) Message-ID: <946317282.1213771965114.JavaMail.jira@brutus> Date: Tue, 17 Jun 2008 23:52:45 -0700 (PDT) From: "Devaraj Das (JIRA)" To: core-dev@hadoop.apache.org Subject: [jira] Commented: (HADOOP-3578) mapred.system.dir should be accessible only to hadoop daemons In-Reply-To: <1322367835.1213682984936.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/HADOOP-3578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12605866#action_12605866 ] Devaraj Das commented on HADOOP-3578: ------------------------------------- If the JobTracker is the only one writing to a private location then it can take care of this situation. For e.g., the JobTracker could create directories with a different name for each job (even from the same user). The problem with having the user-dir is that we need to make sure that over time garbage doesn't accumulate. If we put the onus on the user to clear the garbage, how does the user know for sure the jobtracker has copied the stuff over (this is one thing we need to worry about especially with restartability of jobtracker). To be absolutely sure that there are no security loopholes (for e.g. don't allow other users to even look at the job.xml of my job), the proposal of sending stuff over rpc makes sense. Of course, we need to fix other things like the webUI (authenticate the user before allowing him to view the job details) to make this a reality. > mapred.system.dir should be accessible only to hadoop daemons > -------------------------------------------------------------- > > Key: HADOOP-3578 > URL: https://issues.apache.org/jira/browse/HADOOP-3578 > Project: Hadoop Core > Issue Type: Bug > Components: mapred > Reporter: Amar Kamat > > Currently the jobclient accesses the {{mapred.system.dir}} to add job details. Hence the {{mapred.system.dir}} has the permissions of {{rwx-wx-wx}}. This could be a security loophole where the job files might get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.