hadoop-common-dev mailing list archives

From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-5731) IPC call can raise security exceptions when the remote node is running under a security manager
Date Thu, 23 Apr 2009 15:13:30 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-5731?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12701959#action_12701959 ]

Steve Loughran commented on HADOOP-5731:
----------------------------------------

Catching and logging the setAccessible operation allows the method call to proceed, but other
problems surface.

1. I get some access control problems
{code}
[sf-startdaemon-debug] java.io.IOException: java.security.AccessControlException: access denied (javax.security.auth.AuthPermission getSubject)
[sf-startdaemon-debug] 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
[sf-startdaemon-debug] 	at java.security.AccessController.checkPermission(AccessController.java:546)
[sf-startdaemon-debug] 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
[sf-startdaemon-debug] 	at javax.security.auth.Subject.getSubject(Subject.java:268)
[sf-startdaemon-debug] 	at org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:84)
[sf-startdaemon-debug] 	at org.apache.hadoop.security.UserGroupInformation.getCurrentUGI(UserGroupInformation.java:44)
[sf-startdaemon-debug] 	at org.apache.hadoop.hdfs.server.namenode.NameNode.mkdirs(NameNode.java:642)
[sf-startdaemon-debug] 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[sf-startdaemon-debug] 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
[sf-startdaemon-debug] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
[sf-startdaemon-debug] 	at java.lang.reflect.Method.invoke(Method.java:597)
[sf-startdaemon-debug] 	at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:516)
[sf-startdaemon-debug] 	at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:959)
[sf-startdaemon-debug] 	at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:955)
[sf-startdaemon-debug] 	at javax.security.auth.Subject.doAs(Subject.java:396)
[sf-startdaemon-debug] 	at org.apache.hadoop.ipc.Server$Handler.run(Server.java:953)
{code}

2. RMI stops working
{code}
java.lang.SecurityException: attempt to add a Permission to a readonly Permissions object
at java.security.Permissions.add(Permissions.java:110)
at java.security.Policy$UnsupportedEmptyCollection.add(Policy.java:790)
at sun.rmi.server.LoaderHandler.getLoaderAccessControlContext(LoaderHandler.java:985)
at sun.rmi.server.LoaderHandler.lookupLoader(LoaderHandler.java:861)
at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:385)
at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:165)
at java.rmi.server.RMIClassLoader$2.loadClass(RMIClassLoader.java:620)
at org.smartfrog.sfcore.security.SFRMIClassLoaderSpi.loadClass(SFRMIClassLoaderSpi.java:90)
at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:247)
at sun.rmi.server.MarshalInputStream.resolveClass(MarshalInputStream.java:197)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1575)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1496)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1732)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
at sun.rmi.server.UnicastRef.unmarshalValue(UnicastRef.java:306)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:290)
at sun.rmi.transport.Transport$1.run(Transport.java:159)
at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:255)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:233)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:142)
{code}

Now, this could be my fault for using RMI, but I think a trigger for a lot of this trouble
is line 959 of hadoop.ipc.Server, which invokes things as the user who made the remote call.
And that somehow switching to a new user for the call is causing problems when running under
a security manager, because the user making the call isn't trusted enough.

> IPC call can raise security exceptions when the remote node is running under a security manager
> -----------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-5731
>                 URL: https://issues.apache.org/jira/browse/HADOOP-5731
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: ipc
>    Affects Versions: 0.21.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Minor
>
> I'm getting a security exception (java.lang.reflect.ReflectPermission suppressAccessChecks) in RPC.Server.call(), when calling a datanode brought up under a security manager, in method.setAccessible(true)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
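
Added example, not part of the original message or of Hadoop's own configuration: a Java policy-file grant covering the two permission checks this message names, ReflectPermission "suppressAccessChecks" (from method.setAccessible(true)) and AuthPermission "getSubject" (from Subject.getSubject). The codeBase path is a placeholder assumption.

```text
// Constructed example policy entry; the codeBase URL below is a placeholder
// and must be replaced with the location of the Hadoop jars in the deployment.
//
// The grant is scoped to one code source rather than given to all code:
// "suppressAccessChecks" lets the grantee bypass Java language access checks
// on private and protected members, so it should not be granted globally.
grant codeBase "file:/PLACEHOLDER/hadoop/lib/-" {
    // Checked when RPC.Server.call() invokes method.setAccessible(true).
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";

    // Checked when UserGroupInformation.getCurrentUser() calls
    // Subject.getSubject(), as in the first stack trace above.
    permission javax.security.auth.AuthPermission "getSubject";
};

// Note: a permission check inspects every protection domain on the call
// stack, so any other non-JDK code source that appears in the failing
// trace needs the same permission for the check to pass.
// This entry does not address the RMI "readonly Permissions object" error
// in the second trace.
```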

