hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-5740) Hadoop JSP pages don't work under a security manager
Date Tue, 28 Apr 2009 16:13:30 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-5740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12703697#action_12703697
] 

Steve Loughran commented on HADOOP-5740:
----------------------------------------

Hadoop doesn't work at all with a proper security manager, noted in HADOOP-5731, caused by
the service level auth of HADOOP-4348. 

Even if you switch to a minimal security manager that blocks System.exit() calls (see HADOOP-4532
and HADOOP-5453) but doesnt delegate authorisation to the normal sun policy-driven code doesn't
work, because libraries in Hadoop (here, jetty) and elsewhere RMI both check for a security
manager being present, and if so, get the codebase's policy and add rights to it. That is,
they assume that they can do this, and that it is needed. 

This patch lets both libraries get away with setting permissions, without paying any attention
to the values. It is not a step towards hosting Hadoop under a fully functional security manager,
but should be enough to run Hadoop under a simple manager that blocks exit calls unless asked
very nicely. 

Now, ultimately, I would like to work with a Security Manager, but fixing that is going to
require way more effort. 

> Hadoop JSP pages don't work under a security manager
> ----------------------------------------------------
>
>                 Key: HADOOP-5740
>                 URL: https://issues.apache.org/jira/browse/HADOOP-5740
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: fs, mapred
>    Affects Versions: 0.21.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Minor
>         Attachments: hadoop-5740.patch
>
>
> When you run Hadoop under a security manager that says "yes" to all security checks,
you get stack traces when Jetty tries to initialise the JSP engine. Which implies you can't
use Jasper under a security manager

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message