hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-15722) regression: Hadoop 2.7.7 release breaks spark submit
Date Tue, 25 Sep 2018 00:10:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-15722?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16626597#comment-16626597
] 

Daryn Sharp commented on HADOOP-15722:
--------------------------------------

I don't understand how the path {{/tmp/hive-${user.name}}} would ever properly expand in the
given example.  The system property will be the user running the daemon, not user_a nor user_b
unless hive smashes the system property user.name before fetching config keys.  If yes, that's
a bug and latent race condition in hive.

Otherwise, for the original issue that expected user.name to expand to the daemon's user,
the security fix was designed to prevent non-trusted contexts (ie. proxy user) from retrieving
arbitrary properties.  While one might the case that {{user.name}} is innocuous, is {{secret.thing}}?
 How do we decide what is safe?  How about not using the system property in the scratch dir
path?

> regression: Hadoop 2.7.7 release breaks spark submit
> ----------------------------------------------------
>
>                 Key: HADOOP-15722
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15722
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: build, conf, security
>    Affects Versions: 2.7.7
>            Reporter: Steve Loughran
>            Priority: Major
>
> SPARK-25330 highlights that upgrading spark to hadoop 2.7.7 is causing a regression in
client setup, with things only working when {{Configuration.getRestrictParserDefault(Object
resource)}} = false.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message