hadoop-mapreduce-issues mailing list archives

From "Todd Lipcon (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-1991) taskcontroller allows stealing permissions on any local file
Date Tue, 03 Aug 2010 05:04:19 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12894824#action_12894824 ]

Todd Lipcon commented on MAPREDUCE-1991:

Yea, I think switching the order of the checks should be good enough. Or if it's not used,
let's get rid of it - this code is scary since it's mostly running as root, so the simpler
we can make it, the better!

If it's still useful, could we open the log file as the tasktracker user instead of as root?
We can always setuid down to the mapred user, then setuid back up to root when we need it.

> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>                 Key: MAPREDUCE-1991
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: task-controller
>    Affects Versions: 0.21.0, 0.22.0
>            Reporter: Todd Lipcon
>            Priority: Blocker
> The linux task-controller setuid binary allows a malicious user to chmod any file on the system to 644 (and as a side effect appends some junk to the end)

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
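
The temporary privilege drop suggested in the comment above, as an added example (not task-controller code and not part of the original message). It uses `seteuid`/`setegid` rather than `setuid` so that root can be regained afterwards; the helper name `open_log_as_user` and its parameters are hypothetical, and supplementary groups are assumed to already be the invoking user's, as they are in a setuid-root binary.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not task-controller code): open a log file for append
 * with the effective identity uid/gid, then restore the previous effective
 * IDs. Returns a file descriptor, or -1 with errno set. */
int open_log_as_user(const char *path, uid_t uid, gid_t gid)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd = -1, err = 0;

    /* Group first: once the euid is non-root, the egid can no longer change. */
    if (setegid(gid) != 0)
        return -1;
    if (seteuid(uid) != 0) {
        err = errno;
        goto restore_gid;
    }

    /* The kernel now checks permissions against the unprivileged user, so a
     * path that user cannot write fails here instead of being opened by root.
     * O_NOFOLLOW rejects a symlink planted as the final path component.
     * No chmod/fchmod is applied to the result. */
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0)
        err = errno;

    /* Regain privileges; a helper that cannot do so must not keep running. */
    if (seteuid(saved_euid) != 0)
        _exit(126);
restore_gid:
    if (setegid(saved_egid) != 0)
        _exit(126);

    if (fd < 0)
        errno = err;
    return fd;
}
```

Because the saved set-user-ID stays root during the drop, this narrows what the `open` can touch but does not sandbox other code that runs in the same window.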