hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Todd Lipcon (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (MAPREDUCE-2178) Race condition in LinuxTaskController permissions handling
Date Fri, 27 May 2011 23:25:47 GMT

     [ https://issues.apache.org/jira/browse/MAPREDUCE-2178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Todd Lipcon updated MAPREDUCE-2178:
-----------------------------------

    Attachment: mr-2178-0.22.txt

Since this hasn't made any progress, I took the patch from yahoo-merge and cherry-picked it
onto branch-0.22 and did a preliminary resolve of conflicts. Needs more work/testing before
commit (haven't even tried to compile the linux task controller, had to comment out some test
cases, etc).

> Race condition in LinuxTaskController permissions handling
> ----------------------------------------------------------
>
>                 Key: MAPREDUCE-2178
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2178
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security, task-controller
>    Affects Versions: 0.22.0
>            Reporter: Todd Lipcon
>            Priority: Blocker
>             Fix For: 0.22.0
>
>         Attachments: 0001-Amend-MAPREDUCE-2178.-Fix-racy-check-for-config-file.patch,
0002-Amend-MAPREDUCE-2178.-Check-argc-after-checks-for-pe.patch, 0003-Amend-MAPREDUCE-2178.-Check-result-of-chdir.patch,
ac-sys-largefile.patch, mapreduce-2178-test-compile-fix.txt, mr-2178-0.22.txt, mr-2178-error-on-launch-fail.txt,
mr-2178-y20-sortof.patch, racy-config-check-test-changes.txt
>
>
> The linux-task-controller executable currently traverses a directory heirarchy and calls
chown/chmod on the files inside. There is a race condition here which can be exploited by
an attacker, causing the task-controller to improprly chown an arbitrary target file (via
a symlink) to the user running a MR job. This can be exploited to escalate to root.
> [this issue was raised and discussed on the security@ list over the last couple of months]

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message