Return-Path: Delivered-To: apmail-hadoop-mapreduce-issues-archive@minotaur.apache.org Received: (qmail 84503 invoked from network); 9 Sep 2010 16:55:55 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 9 Sep 2010 16:55:55 -0000 Received: (qmail 6524 invoked by uid 500); 9 Sep 2010 16:55:55 -0000 Delivered-To: apmail-hadoop-mapreduce-issues-archive@hadoop.apache.org Received: (qmail 6494 invoked by uid 500); 9 Sep 2010 16:55:54 -0000 Mailing-List: contact mapreduce-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: mapreduce-issues@hadoop.apache.org Delivered-To: mailing list mapreduce-issues@hadoop.apache.org Received: (qmail 6486 invoked by uid 99); 9 Sep 2010 16:55:54 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Sep 2010 16:55:54 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Sep 2010 16:55:53 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id o89GtXb4022091 for ; Thu, 9 Sep 2010 16:55:33 GMT Message-ID: <31361583.98331284051333616.JavaMail.jira@thor> Date: Thu, 9 Sep 2010 12:55:33 -0400 (EDT) From: "Matthew Byng-Maddick (JIRA)" To: mapreduce-issues@hadoop.apache.org Subject: [jira] Created: (MAPREDUCE-2057) Job Tracker appears to do host access-control (mapred.hosts, mapred.hosts.exclude) based on presented name from TaskTracker MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 Job Tracker appears to do host access-control (mapred.hosts, mapred.hosts.exclude) based on presented name from TaskTracker --------------------------------------------------------------------------------------------------------------------------- Key: MAPREDUCE-2057 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2057 Project: Hadoop Map/Reduce Issue Type: Bug Components: jobtracker Affects Versions: 0.20.1 Environment: Hadoop 0.20.1 - cloudera distribution, multihomed environment. Reporter: Matthew Byng-Maddick As far as I can tell, where the NameNode, in validating the dfs.hosts and dfs.hosts.exclude files uses the source IP address for the RPC connection, the JobTracker appears to use the presented hostname (set via slave.host.name or the standard hostname-search semantics) from the TaskTracker. Obviously this is a security bug as in a production environment it could allow rogue machines to present the hostname of a real TaskTracker and take over that role, but it also turns up as a configuration bug because it means that you can set up a (multi-homed, natch) environment where the same set of files work for the NameNode, but don't for the JobTracker or vice versa - with the same binding hostname for fs.default.name and mapred.job.tracker. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.