Message-ID: <7365513.197321281085700791.JavaMail.jira@thor>
Date: Fri, 6 Aug 2010 05:08:20 -0400 (EDT)
From: "Vinod K V (JIRA)"
To: mapreduce-issues@hadoop.apache.org
Subject: [jira] Commented: (MAPREDUCE-1994) Linux task-controller determines its own path insecurely
In-Reply-To: <1230929.168871280961737334.JavaMail.jira@thor>

[
https://issues.apache.org/jira/browse/MAPREDUCE-1994?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12895999#action_12895999 ]

Vinod K V commented on MAPREDUCE-1994:
--------------------------------------

bq. I believe you're allowed to make hard links to other files regardless of their permissions. If it were kept in a directory with strict permissions, that would help the issue a little bit.

I actually meant that even though an attacker can create hard-links, he/she cannot run it because of the strict permissions. Secure permissions on this file are really really important and are validated by the binary itself anyways. Given that, we can simply address the argv[0] spoof problem here. Is that fine?

> Linux task-controller determines its own path insecurely
> --------------------------------------------------------
>
>                 Key: MAPREDUCE-1994
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1994
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security, task-controller
>    Affects Versions: 0.22.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Critical
>
> The task-controller uses argv[0] to determine its own path, and then calls stat() on that. Instead it should stat("/proc/self/exe") directly. This is important since argv[0] can be spoofed to point to another program and thus either fool the autodetection of HADOOP_HOME or evade various permissions checks.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
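
The approach named in the issue description, sketched as an added C example (not part of the original message and not the task-controller source): it takes the binary's path and stat() data from /proc/self/exe, and compares device and inode to see whether a caller-supplied argv[0] really names the running image. The function names `self_exe_path` and `argv0_is_self` are assumptions made for illustration, and the code assumes Linux with /proc mounted.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <limits.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Kernel's record of the running image; not influenced by the caller.
 * Returns 0 on success, -1 on error or possible truncation. */
int self_exe_path(char *buf, size_t len) {
    if (len < 2) return -1;
    ssize_t n = readlink("/proc/self/exe", buf, len - 1);
    if (n < 0 || (size_t)n >= len - 1) return -1;
    buf[n] = '\0';                 /* readlink() does not terminate */
    return 0;
}

/* 1 if the caller-supplied argv[0] names the same file (device + inode)
 * as the running image, 0 if it does not, -1 if /proc is unavailable. */
int argv0_is_self(const char *argv0) {
    struct stat claimed, actual;
    if (stat("/proc/self/exe", &actual) != 0) return -1;
    if (stat(argv0, &claimed) != 0) return 0;   /* unresolvable name: not us */
    return claimed.st_dev == actual.st_dev && claimed.st_ino == actual.st_ino;
}

int main(int argc, char **argv) {
    char real[PATH_MAX];
    struct stat st;
    if (self_exe_path(real, sizeof real) != 0 || stat("/proc/self/exe", &st) != 0) {
        perror("/proc/self/exe");
        return 1;
    }
    printf("argv[0] (caller-controlled): %s\n", argc > 0 ? argv[0] : "(none)");
    printf("running image:               %s\n", real);
    /* Ownership and mode checks belong on this stat result, not on argv[0]. */
    printf("owner uid=%ld mode=%04o\n", (long)st.st_uid, (unsigned)(st.st_mode & 07777));
    printf("argv[0] is this binary:      %s\n",
           argc > 0 && argv0_is_self(argv[0]) == 1 ? "yes" : "no");
    return 0;
}
```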