Return-Path: Delivered-To: apmail-hadoop-mapreduce-issues-archive@minotaur.apache.org Received: (qmail 76590 invoked from network); 7 Aug 2010 00:24:42 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 7 Aug 2010 00:24:42 -0000 Received: (qmail 61691 invoked by uid 500); 7 Aug 2010 00:24:42 -0000 Delivered-To: apmail-hadoop-mapreduce-issues-archive@hadoop.apache.org Received: (qmail 61592 invoked by uid 500); 7 Aug 2010 00:24:42 -0000 Mailing-List: contact mapreduce-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: mapreduce-issues@hadoop.apache.org Delivered-To: mailing list mapreduce-issues@hadoop.apache.org Received: (qmail 61584 invoked by uid 99); 7 Aug 2010 00:24:42 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 07 Aug 2010 00:24:42 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 07 Aug 2010 00:24:40 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id o770OIN1013725 for ; Sat, 7 Aug 2010 00:24:19 GMT Message-ID: <2382975.208041281140658716.JavaMail.jira@thor> Date: Fri, 6 Aug 2010 20:24:18 -0400 (EDT) From: "Todd Lipcon (JIRA)" To: mapreduce-issues@hadoop.apache.org Subject: [jira] Commented: (MAPREDUCE-1994) Linux task-controller determines its own path insecurely In-Reply-To: <1230929.168871280961737334.JavaMail.jira@thor> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/MAPREDUCE-1994?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12896203#action_12896203 ] Todd Lipcon commented on MAPREDUCE-1994: ---------------------------------------- Oops, missed your comment, sorry! bq. Secure permissions on this file are really really important and are validated by the binary itself anyways. Yep, the issue here is that if the admin has messed up and has an incorrectly configured task-controller floating around, the user can evade those checks and then use it for ill purposes. It's not too likely of a scenario, which is why I raised this here instead of security@. What I imagine happening is someone configuring task-controller incorrectly, trying to enable it in the config, and it not working. Rather than debug the issue, they switch back to the normal task controller and leave the setuid binary hanging around. With the permissions checks, the scenario is safe, but without, the sysadmin has opened a big hole :) > Linux task-controller determines its own path insecurely > -------------------------------------------------------- > > Key: MAPREDUCE-1994 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-1994 > Project: Hadoop Map/Reduce > Issue Type: Bug > Components: security, task-controller > Affects Versions: 0.22.0 > Reporter: Todd Lipcon > Assignee: Todd Lipcon > Priority: Critical > Attachments: mapreduce-1994-prelim.txt > > > The task-controller uses argv[0] to determine its own path, and then calls stat() on that. Instead it should stat("/proc/self/exe") directly. This is important since argv[0] can be spoofed to point to another program and thus either fool the autodetection of HADOOP_HOME or evade various permissions checks. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.