hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amar Kamat (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-181) Secure job submission
Date Fri, 11 Sep 2009 04:56:58 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12754002#action_12754002
] 

Amar Kamat commented on MAPREDUCE-181:
--------------------------------------

bq. _version that contains the storage version (1.0 to start with)
Why cant this be in the respective files as headers? Today we add the version info as the
first line in the file.

bq. The JobTracker doesn't need to do any writes to HDFS, just reads
So you mean to say that we just persist jobid and job-staging location for restart/persistence?
Also the jobtracker will be forced do all the checks for job upon restart as the job files
can change anytime. Also this is a change from the current model where the files once accepted
cannot change. User now can change the jobconf while the job is running. 

> Secure job submission 
> ----------------------
>
>                 Key: MAPREDUCE-181
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-181
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>            Reporter: Amar Kamat
>            Assignee: Amar Kamat
>         Attachments: hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch,
HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.8.patch
>
>
> Currently the jobclient accesses the {{mapred.system.dir}} to add job details. Hence
the {{mapred.system.dir}} has the permissions of {{rwx-wx-wx}}. This could be a security loophole
where the job files might get overwritten/tampered after the job submission. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message