hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hemanth Yamijala (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-1418) LinuxTaskController binary misses validation of arguments passed for relative components in some cases.
Date Tue, 06 Apr 2010 10:29:33 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-1418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12853840#action_12853840
] 

Hemanth Yamijala commented on MAPREDUCE-1418:
---------------------------------------------

bq. I don't see any special validation done for the method kill_user_task() in task-controller.

This is a valid concern. We have checks in place to prevent this from happening, but those
same checks actually protect against the relative paths as well. Hence, in a sense this JIRA
will be moot given the same assumptions.

Since this JIRA is specifically focused on protecting against relative path usage, I propose
we stick to the course taken by the patch, and fix the kill issue in a follow-up. Thoughts
?

> LinuxTaskController binary misses validation of arguments passed for relative components
in some cases.
> -------------------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-1418
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1418
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security, tasktracker
>            Reporter: Vinod K V
>            Assignee: Hemanth Yamijala
>         Attachments: MAPREDUCE-1418.patch
>
>
> The function {{int check_path_for_relative_components(char * path)}} should be used to
validate the absence of relative components before any operation is done on those paths. This
is missed in all the {{initialize*()}} functions, as Hemanth pointed out offline.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message