hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Todd Lipcon (JIRA)" <j...@apache.org>
Subject [jira] Updated: (MAPREDUCE-2178) Race condition in LinuxTaskController permissions handling
Date Fri, 11 Feb 2011 20:31:57 GMT

     [ https://issues.apache.org/jira/browse/MAPREDUCE-2178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Todd Lipcon updated MAPREDUCE-2178:
-----------------------------------

    Attachment: 0003-Amend-MAPREDUCE-2178.-Check-result-of-chdir.patch
                0002-Amend-MAPREDUCE-2178.-Check-argc-after-checks-for-pe.patch
                0001-Amend-MAPREDUCE-2178.-Fix-racy-check-for-config-file.patch

Attaching three suggested fixes against the task-controller code in 0.20.100 branch:

- patch 0001 fixes a race condition whereby the permissions checks on taskcontroller.cfg can
be evaded (classic stat/open race, fixed using fstat instead)
- patch 0002 moves the check for number of arguments to after the permissions checks, so a
user can just run "task-controller" to figure out if his permissions are correct. This also
fixes the exception message during LTC setup on the TT if it's misconfigured
- patch 0003 fixes a build failure when compiling with -Werror - the return value of chdir
wasn't checked. (apparently older gcc didn't have this warning)

> Race condition in LinuxTaskController permissions handling
> ----------------------------------------------------------
>
>                 Key: MAPREDUCE-2178
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2178
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security, task-controller
>    Affects Versions: 0.22.0
>            Reporter: Todd Lipcon
>            Priority: Blocker
>             Fix For: 0.22.0
>
>         Attachments: 0001-Amend-MAPREDUCE-2178.-Fix-racy-check-for-config-file.patch,
0002-Amend-MAPREDUCE-2178.-Check-argc-after-checks-for-pe.patch, 0003-Amend-MAPREDUCE-2178.-Check-result-of-chdir.patch,
mr-2178-y20-sortof.patch
>
>
> The linux-task-controller executable currently traverses a directory heirarchy and calls
chown/chmod on the files inside. There is a race condition here which can be exploited by
an attacker, causing the task-controller to improprly chown an arbitrary target file (via
a symlink) to the user running a MR job. This can be exploited to escalate to root.
> [this issue was raised and discussed on the security@ list over the last couple of months]

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message