hadoop-mapreduce-issues mailing list archives

From "Vinod K V (JIRA)" <j...@apache.org>
Subject [jira] Commented: (MAPREDUCE-1994) Linux task-controller determines its own path insecurely
Date Fri, 06 Aug 2010 09:08:20 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-1994?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12895999#action_12895999 ]

Vinod K V commented on MAPREDUCE-1994:

bq. I believe you're allowed to make hard links to other files regardless of their permissions.
If it were kept in a directory with strict permissions, that would help the issue a little

I actually meant that even though an attacker can create hard links, he/she cannot run it
because of the strict permissions. Secure permissions on this file are really, really important
and are validated by the binary itself anyways.

Given that, we can simply address the argv[0] spoof problem here. Is that fine?

> Linux task-controller determines its own path insecurely
> --------------------------------------------------------
>                 Key: MAPREDUCE-1994
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1994
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security, task-controller
>    Affects Versions: 0.22.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Critical
> The task-controller uses argv[0] to determine its own path, and then calls stat() on
> that. Instead it should stat("/proc/self/exe") directly. This is important since argv[0] can
> be spoofed to point to another program and thus either fool the autodetection of HADOOP_HOME
> or evade various permissions checks.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
