hadoop-common-issues mailing list archives

From "Vinayakumar B (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12687) SecureUtil#getByName should also try to resolve direct hostname, incase multiple loopback addresses are present in /etc/hosts
Date Fri, 08 Jan 2016 11:10:39 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15089072#comment-15089072 ]

Vinayakumar B commented on HADOOP-12687:
----------------------------------------

bq. It essentially undoes the security check in getByExactName(). When doing hostname lookups,
the hostname must be rooted (“.” added to the end to avoid the security hole in RFC 1535).
This patch undoes that check.
After seeing RFC 1535, I agree that a direct lookup without a trailing dot may connect to
an unauthorized machine or the wrong machine after searching through different search domains.
But in the current case, with the patch, the direct lookup is done after all checks are done, including
the trailing dot and search domains.
Is it still an RFC violation to look up the direct host?

The code below itself throws {{UnknownHostException}}, i.e. it's not able to resolve its own hostname.
This happens only on Linux (Ubuntu); it works fine on Windows though.
{code}SecurityUtil.getByName(InetAddress.getLocalHost().getHostName()){code}

> SecureUtil#getByName should also try to resolve direct hostname, incase multiple loopback addresses are present in /etc/hosts
> -----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-12687
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12687
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Junping Du
>            Assignee: Sunil G
>              Labels: security
>         Attachments: 0001-YARN-4352.patch, 0002-YARN-4352.patch, 0003-HADOOP-12687.patch, 0004-HADOOP-12687.patch
>
>
> From https://builds.apache.org/job/PreCommit-YARN-Build/9661/artifact/patchprocess/patch-unit-hadoop-yarn-project_hadoop-yarn_hadoop-yarn-client-jdk1.7.0_79.txt, we can see the tests in TestYarnClient, TestAMRMClient and TestNMClient time out, which can be reproduced locally.
> When {{/etc/hosts}} has multiple loopback entries, {{InetAddress.getByName(null)}} will be returning the first entry present in /etc/hosts. Hence it's possible that the machine hostname can be second in the list and cause {{UnknownHostException}}.
> Suggesting a direct resolve for such hostname scenarios.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
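
An added example, not part of the original message and not Hadoop's own code: a small Java simulation of the lookup ordering discussed in the comment above, showing the effect of querying the rooted name before the search domains (the RFC 1535 concern) and where a final direct lookup sits for a hostname that exists only in /etc/hosts. The class and method names, the addresses, the search domain and the hosts-file contents are all constructed, and the direct step is modelled as a hosts-file lookup only.

```java
import java.util.*;

// Added illustration (Java 9+). Names and data are constructed; this is not Hadoop's SecurityUtil.
public class RootedLookupDemo {
    // Constructed DNS data: rooted (fully qualified) name -> address.
    static final Map<String, String> DNS = Map.of(
        "nn1.example.com.", "192.0.2.10",                       // intended host
        "nn1.example.com.corp.example.net.", "198.51.100.66");  // same labels under a search domain
    // Constructed /etc/hosts with two loopback lines; the machine name is on the second.
    static final Map<String, String> HOSTS = Map.of("localhost", "127.0.0.1", "worker7", "127.0.1.1");
    static final List<String> SEARCH = List.of("corp.example.net");

    // Candidate rooted names, in the order they are queried.
    static List<String> candidates(String host, boolean rootedFirst) {
        List<String> out = new ArrayList<>();
        if (host.endsWith(".")) { out.add(host); return out; }  // already rooted: exact lookup only
        boolean multiLabel = host.contains(".");
        if (rootedFirst && multiLabel) out.add(host + ".");      // exact name before any search domain
        for (String d : SEARCH) out.add(host + "." + d + ".");
        if (!rootedFirst || !multiLabel) out.add(host + ".");    // otherwise the exact name goes last
        return out;
    }

    // Try the rooted candidates; optionally finish with an unrooted ("direct") lookup.
    static String resolve(String host, boolean rootedFirst, boolean directFallback) {
        for (String name : candidates(host, rootedFirst)) {
            String addr = DNS.get(name);
            if (addr != null) return name + " -> " + addr;
        }
        // Modelled here as a hosts-file hit only; a real OS resolver may also
        // apply its own search list to an unrooted name at this step.
        if (directFallback && HOSTS.containsKey(host)) {
            return host + " -> " + HOSTS.get(host) + " (hosts file)";
        }
        return host + " -> UnknownHostException";
    }

    public static void main(String[] args) {
        System.out.println(resolve("nn1.example.com", false, false)); // search list before rooted name
        System.out.println(resolve("nn1.example.com", true, false));  // rooted name first
        System.out.println(resolve("worker7", true, false));          // rooted candidates only
        System.out.println(resolve("worker7", true, true));           // rooted candidates, then direct
    }
}
```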
