hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sreekanth Ramakrishnan (JIRA)" <j...@apache.org>
Subject [jira] Updated: (HADOOP-5420) Support killing of process groups in LinuxTaskController binary
Date Tue, 26 May 2009 05:01:45 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-5420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Sreekanth Ramakrishnan updated HADOOP-5420:

    Attachment: hadoop-5420-8.patch

Attaching new patch with few changes to code based on internal testing results:

* It was found that users could execute arbitrary scripts using task-controller binary by
directly invoking binary in their tasks and using relative paths to point to that script.
So following checks are added, all constructed paths in binary are resolved and checked if
the resolved path and absolute path are one and same. Second check was added to check if the
taskjvm.sh is actually owned by task-tracker. If the file is not owned by the task-tracker.
The binary would not execute the script.
* Changed documentation to note the fact that, the binary's group ownership should be that
of task-tracker and cluster users should not be part of this group. The suggested permission
of the task-controller has been changed to 4510.
* Removed pid writing by task tracker.

> Support killing of process groups in LinuxTaskController binary
> ---------------------------------------------------------------
>                 Key: HADOOP-5420
>                 URL: https://issues.apache.org/jira/browse/HADOOP-5420
>             Project: Hadoop Core
>          Issue Type: Bug
>            Reporter: Sreekanth Ramakrishnan
>            Assignee: Sreekanth Ramakrishnan
>         Attachments: hadoop-5420-1.patch, hadoop-5420-2.patch, hadoop-5420-3.patch, hadoop-5420-4.patch,
hadoop-5420-5.patch, hadoop-5420-6.patch, hadoop-5420-7.patch, hadoop-5420-8.patch, hadoop-5420.patch
> Support setsid based kill in LinuxTaskController.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message