hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Todd Lipcon (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-1994) Linux task-controller determines its own path insecurely
Date Sat, 07 Aug 2010 00:24:18 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-1994?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12896203#action_12896203

Todd Lipcon commented on MAPREDUCE-1994:

Oops, missed your comment, sorry!

bq. Secure permissions on this file are really really important and are validated by the binary
itself anyways.

Yep, the issue here is that if the admin has messed up and has an incorrectly configured task-controller
floating around, the user can evade those checks and then use it for ill purposes. It's not
too likely of a scenario, which is why I raised this here instead of security@. What I imagine
happening is someone configuring task-controller incorrectly, trying to enable it in the config,
and it not working. Rather than debug the issue, they switch back to the normal task controller
and leave the setuid binary hanging around.

With the permissions checks, the scenario is safe, but without, the sysadmin has opened a
big hole :)

> Linux task-controller determines its own path insecurely
> --------------------------------------------------------
>                 Key: MAPREDUCE-1994
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1994
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security, task-controller
>    Affects Versions: 0.22.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Critical
>         Attachments: mapreduce-1994-prelim.txt
> The task-controller uses argv[0] to determine its own path, and then calls stat() on
that. Instead it should stat("/proc/self/exe") directly. This is important since argv[0] can
be spoofed to point to another program and thus either fool the autodetection of HADOOP_HOME
or evade various permissions checks.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message