hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hemanth Yamijala (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-1288) DistributedCache localizes only once per cache URI
Date Fri, 11 Dec 2009 06:54:18 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-1288?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12789145#action_12789145
] 

Hemanth Yamijala commented on MAPREDUCE-1288:
---------------------------------------------

bq. Even if the entire path were accessible to everyone,

If the entire path were accessible to everyone on DFS, there's really no great security for
that file. I was just trying to point out that such a case may not even be valid in the context
of how MAPREDUCE-856 was approached (i.e we wanted to secure localized files for users). But
I am concurring that one could theoretically construct a case where the URI was accessible
to a group of users on DFS and since there's no way to securely localize that per group on
the TT, this bug is still valid.

> DistributedCache localizes only once per cache URI
> --------------------------------------------------
>
>                 Key: MAPREDUCE-1288
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1288
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security, tasktracker
>    Affects Versions: 0.21.0
>            Reporter: Devaraj Das
>            Priority: Blocker
>             Fix For: 0.21.0
>
>
> As part of the file localization the distributed cache localizer creates a copy of the
file in the corresponding user's private directory. The localization in DistributedCache assumes
the key as the URI of the cachefile and if it already exists in the map, the localization
is not done again. This means that another user cannot access the same distributed cache file.
We should change the key to include the username so that localization is done for every user.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message