hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Devaraj Das (JIRA)" <j...@apache.org>
Subject [jira] Updated: (MAPREDUCE-181) Secure job submission
Date Sat, 19 Dec 2009 00:44:18 GMT

     [ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Devaraj Das updated MAPREDUCE-181:
----------------------------------

    Attachment: 181-6.patch

In my local tests, i discovered that i had to do a bunch of changes to work around the extra
checks that i introduced in the last patch. One of them being check for ownership of the staging
dir now includes a check for the UGI of the submitting user (otherwise tests that fake UGI
were failing during job submission). I also introduced a method for getting the staging area
location from the JobTracker (so that the user's home dir doesn't get clobbered with files
in .staging dir when tests are run).
I am still testing this patch. With the server side groups patch in, i might need to do some
minor changes in the testcases for them to work in the new model of job submission. But this
should mostly be good overall..  Up for review.

> Secure job submission 
> ----------------------
>
>                 Key: MAPREDUCE-181
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-181
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>            Reporter: Amar Kamat
>            Assignee: Devaraj Das
>             Fix For: 0.22.0
>
>         Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, 181-4.patch,
181-5.1.patch, 181-5.1.patch, 181-6.patch, hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch,
HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, MAPRED-181-v3.8.patch
>
>
> Currently the jobclient accesses the {{mapred.system.dir}} to add job details. Hence
the {{mapred.system.dir}} has the permissions of {{rwx-wx-wx}}. This could be a security loophole
where the job files might get overwritten/tampered after the job submission. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message