hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Owen O'Malley (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-181) Secure job submission
Date Fri, 11 Sep 2009 05:10:57 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12754006#action_12754006

Owen O'Malley commented on MAPREDUCE-181:

.bq Why cant this be in the respective files as headers? Today we add the version info as
the first line in the file.

It would have to be in all of the files. (job conf, raw split, split metadata) It seems easier
to have a single version. In particular, at some point we will change the job conf from xml
to binary. That isn't easy to do without a version on the directory.

.bq So you mean to say that we just persist jobid and job-staging location for restart/persistence?

Yes. The rest of the information would need to come from the staging directories. We should
probably md5 the jobconf and verify it when it is downloaded by the task trackers and on restart.

I guess I should have listed two more disadvantages:
* the JobTracker needs to be the user to read the files from the staging area
* the user can mess with their jobs after they are submitted

Other than changing the job conf, I can't see any security problems with them changing any
of the files.

> Secure job submission 
> ----------------------
>                 Key: MAPREDUCE-181
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-181
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>            Reporter: Amar Kamat
>            Assignee: Amar Kamat
>         Attachments: hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch,
HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.8.patch
> Currently the jobclient accesses the {{mapred.system.dir}} to add job details. Hence
the {{mapred.system.dir}} has the permissions of {{rwx-wx-wx}}. This could be a security loophole
where the job files might get overwritten/tampered after the job submission. 

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message