Return-Path: Delivered-To: apmail-hadoop-mapreduce-issues-archive@minotaur.apache.org Received: (qmail 60608 invoked from network); 30 Dec 2010 03:00:14 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 30 Dec 2010 03:00:14 -0000 Received: (qmail 56066 invoked by uid 500); 30 Dec 2010 03:00:14 -0000 Delivered-To: apmail-hadoop-mapreduce-issues-archive@hadoop.apache.org Received: (qmail 55952 invoked by uid 500); 30 Dec 2010 03:00:12 -0000 Mailing-List: contact mapreduce-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: mapreduce-issues@hadoop.apache.org Delivered-To: mailing list mapreduce-issues@hadoop.apache.org Received: (qmail 55944 invoked by uid 99); 30 Dec 2010 03:00:11 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Dec 2010 03:00:11 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.22] (HELO thor.apache.org) (140.211.11.22) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Dec 2010 03:00:09 +0000 Received: from thor (localhost [127.0.0.1]) by thor.apache.org (8.13.8+Sun/8.13.8) with ESMTP id oBU2xlEo023566 for ; Thu, 30 Dec 2010 02:59:47 GMT Message-ID: <22602875.67351293677987678.JavaMail.jira@thor> Date: Wed, 29 Dec 2010 21:59:47 -0500 (EST) From: "Todd Lipcon (JIRA)" To: mapreduce-issues@hadoop.apache.org Subject: [jira] Commented: (MAPREDUCE-2096) Secure local filesystem IO from symlink vulnerabilities MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/MAPREDUCE-2096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12975957#action_12975957 ] Todd Lipcon commented on MAPREDUCE-2096: ---------------------------------------- Results on mapreduce-2096.2.txt: [exec] +1 overall. [exec] [exec] +1 @author. The patch does not contain any @author tags. [exec] [exec] +1 tests included. The patch appears to include 3 new or modified tests. [exec] [exec] +1 javadoc. The javadoc tool did not generate any warning messages. [exec] [exec] +1 javac. The applied patch does not increase the total number of javac compiler warnings. [exec] [exec] +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings. [exec] [exec] +1 release audit. The applied patch does not increase the total number of release audit warnings. [exec] [exec] +1 system test framework. The patch passed system test framework compile. Unit tests pass except for the known timeouts from trunk. > Secure local filesystem IO from symlink vulnerabilities > ------------------------------------------------------- > > Key: MAPREDUCE-2096 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-2096 > Project: Hadoop Map/Reduce > Issue Type: Bug > Components: jobtracker, security, tasktracker > Affects Versions: 0.22.0 > Reporter: Todd Lipcon > Assignee: Todd Lipcon > Priority: Blocker > Fix For: 0.22.0 > > Attachments: mapreduce-2096-index-oob.txt, mapreduce-2096.2.txt, mapreduce-2096.txt, secure-files-9.txt, secure-files-authorized-jvm-fix.txt > > > This JIRA is to contribute a patch developed on the private security@ mailing list. > The vulnerability is that MR daemons occasionally open files that are located in a path where the user has write access. A malicious user may place a symlink in place of the expected file in order to cause the daemon to instead read another file on the system -- one which the attacker may not naturally be able to access. This includes delegation tokens belong to other users, log files, keytabs, etc. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.