hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Gordon (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8874) HADOOP_HOME and -Dhadoop.home (from hadoop wrapper script) are not uniformly handled
Date Sun, 21 Oct 2012 08:54:13 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8874?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13480928#comment-13480928
] 

John Gordon commented on HADOOP-8874:
-------------------------------------

The focus of this patch is on SxS for Hadoop, but many of the changes also improve security
and self-consistency.

getQualifiedBinPath is currently scoped to affect only executables that are distributed with
Hadoop.  If you call an executable from within Hadoop code, and it isn't distributed with
Hadoop, this should fail -- and that should give appropriate warning.  Hadoop can't qualify
the safe full path to arbitrary binaries on multiple operating systems/distros/user configurations.
                
> HADOOP_HOME and -Dhadoop.home (from hadoop wrapper script) are not uniformly handled
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-8874
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8874
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: scripts, security
>    Affects Versions: 1-win
>         Environment: Called from external process with -D flag vs HADOOP_HOME set.
>            Reporter: John Gordon
>              Labels: security
>             Fix For: 1-win
>
>         Attachments: fix_home_np.patch, HADOOP-8645.1-win.002.patch
>
>
> There is a -D flag to set hadoop.home, which is specified in the hadoop wrapper scripts.
 This is particularly useful if you want SxS execution of two or more versions of hadoop (e.g.
rolling upgrade).  However, it isn't honored at all.  HADOOP_HOME is used in 3-4 places to
find non-java hadoop components such as schedulers, scripts, shared libraries, or with the
Windows changes -- binaries.
> Ideally, these should all resolve the path in a consistent manner, and callers shuold
have a similar onus applied when trying to resolve an invalid path to their components.  This
is particularly relevant to scripts or binaries that may have security impact, as absolute
path resolution is generally safer and more stable than relative path resolution.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message