hadoop-mapreduce-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Todd Lipcon (JIRA)" <j...@apache.org>
Subject [jira] Created: (MAPREDUCE-2178) Race condition in LinuxTaskController permissions handling
Date Tue, 09 Nov 2010 02:20:07 GMT
Race condition in LinuxTaskController permissions handling

                 Key: MAPREDUCE-2178
                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2178
             Project: Hadoop Map/Reduce
          Issue Type: Bug
          Components: security, task-controller
    Affects Versions: 0.22.0
            Reporter: Todd Lipcon
            Priority: Blocker

The linux-task-controller executable currently traverses a directory heirarchy and calls chown/chmod
on the files inside. There is a race condition here which can be exploited by an attacker,
causing the task-controller to improprly chown an arbitrary target file (via a symlink) to
the user running a MR job. This can be exploited to escalate to root.

[this issue was raised and discussed on the security@ list over the last couple of months]

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message