Return-Path: Delivered-To: apmail-hadoop-mapreduce-issues-archive@minotaur.apache.org Received: (qmail 83541 invoked from network); 2 Feb 2010 05:52:46 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 2 Feb 2010 05:52:46 -0000 Received: (qmail 68491 invoked by uid 500); 2 Feb 2010 05:52:46 -0000 Delivered-To: apmail-hadoop-mapreduce-issues-archive@hadoop.apache.org Received: (qmail 68408 invoked by uid 500); 2 Feb 2010 05:52:45 -0000 Mailing-List: contact mapreduce-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: mapreduce-issues@hadoop.apache.org Delivered-To: mailing list mapreduce-issues@hadoop.apache.org Received: (qmail 68397 invoked by uid 99); 2 Feb 2010 05:52:44 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Feb 2010 05:52:44 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Feb 2010 05:52:42 +0000 Received: from brutus.apache.org (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 31A1929A0017 for ; Mon, 1 Feb 2010 21:52:19 -0800 (PST) Message-ID: <1324993131.18781265089939201.JavaMail.jira@brutus.apache.org> Date: Tue, 2 Feb 2010 05:52:19 +0000 (UTC) From: "Amareshwari Sriramadasu (JIRA)" To: mapreduce-issues@hadoop.apache.org Subject: [jira] Updated: (MAPREDUCE-899) When using LinuxTaskController, localized files may become accessible to unintended users if permissions are misconfigured. In-Reply-To: <2059046113.1250846234818.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/MAPREDUCE-899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Amareshwari Sriramadasu updated MAPREDUCE-899: ---------------------------------------------- Release Note: Added configuration "mapreduce.tasktracker.group", a group name to which TaskTracker belongs. When LinuxTaskController is used, task-controller binary's group owner should be this group. The same should be specified in task-controller.cfg also. > When using LinuxTaskController, localized files may become accessible to unintended users if permissions are misconfigured. > --------------------------------------------------------------------------------------------------------------------------- > > Key: MAPREDUCE-899 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-899 > Project: Hadoop Map/Reduce > Issue Type: Bug > Components: tasktracker > Reporter: Vinod K V > Assignee: Amareshwari Sriramadasu > Fix For: 0.22.0 > > Attachments: MAPREDUCE-899-20090828.txt, patch-899-1.txt, patch-899-2.txt, patch-899-3.txt, patch-899-4.txt, patch-899-5.txt, patch-899-6.txt, patch-899-7.txt, patch-899.txt, testplan.txt > > > To enforce the accessibility of job files to only the job-owner and the TaskTracker, as per MAPREDUCE-842, it is _trusted_ that the setuid/setgid linux TaskController binary is group owned by a _special group_ to which only TaskTracker belongs and not just any group to which TT belongs. If the trust is broken, possibly due to misconfiguration by admins, the local files become accessible to unintended users, yet giving false sense of security to the admins. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.