hadoop-mapreduce-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthew Byng-Maddick (JIRA)" <j...@apache.org>
Subject [jira] Created: (MAPREDUCE-2057) Job Tracker appears to do host access-control (mapred.hosts, mapred.hosts.exclude) based on presented name from TaskTracker
Date Thu, 09 Sep 2010 16:55:33 GMT
Job Tracker appears to do host access-control (mapred.hosts, mapred.hosts.exclude) based on
presented name from TaskTracker
---------------------------------------------------------------------------------------------------------------------------

                 Key: MAPREDUCE-2057
                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2057
             Project: Hadoop Map/Reduce
          Issue Type: Bug
          Components: jobtracker
    Affects Versions: 0.20.1
         Environment: Hadoop 0.20.1 - cloudera distribution, multihomed environment.
            Reporter: Matthew Byng-Maddick


As far as I can tell, where the NameNode, in validating the dfs.hosts and dfs.hosts.exclude
files uses the source IP address for the RPC connection, the JobTracker appears to use the
presented hostname (set via slave.host.name or the standard hostname-search semantics) from
the TaskTracker. Obviously this is a security bug as in a production environment it could
allow rogue machines to present the hostname of a real TaskTracker and take over that role,
but it also turns up as a configuration bug because it means that you can set up a (multi-homed,
natch) environment where the same set of files work for the NameNode, but don't for the JobTracker
or vice versa - with the same binding hostname for fs.default.name and mapred.job.tracker.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message