hadoop-mapreduce-issues mailing list archives

From "Luke Lu (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-2858) MRv2 WebApp Security
Date Wed, 26 Oct 2011 13:03:32 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-2858?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13135927#comment-13135927 ]

Luke Lu commented on MAPREDUCE-2858:

For the record, I'm +0 on the changes as is, as there are some minor (code and security) issues
(unnecessary/redundant code for WebApps and embedding proxy in RM and the way the proxy is
written and missing logging for same user case (in case of race) and lack of unit tests for
the proxy and filter) and only one major issue that's easy to fix (redirecting to original
tracking url (presumably history server) is unsafe, as the url is specified by users) and
that I don't have bandwidth right now to iterate on the issue. I'll file another Jira to improve
the current solution, which leaves much to be desired.

bq. if you could tell me where the security errors were in the previous patch I would appreciate

The original patch embedded the link unescaped in warnUserPage. You only uriEncode the application
id but not the rest of the path components from a request.

> MRv2 WebApp Security
> --------------------
>                 Key: MAPREDUCE-2858
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2858
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: applicationmaster, mrv2, security
>    Affects Versions: 0.23.0
>            Reporter: Luke Lu
>            Assignee: Robert Joseph Evans
>            Priority: Blocker
>             Fix For: 0.23.0
>         Attachments: MAPREDUCE-2858.patch, MAPREDUCE-2858.patch, MR-2858-branch-0.23.txt, MR-2858-branch-0.23.txt, MR-2858-branch-0.23.txt, MR-2858-branch-0.23.txt, MR-2858.txt, MR-2858.txt, MR-2858.txt, MR-2858.txt
>
> In MRv2, while the system servers (ResourceManager (RM), NodeManager (NM) and NameNode (NN)) run as "trusted"
> system users, the application masters (AM) run as users who submit the application. While this offers great flexibility
> to run multiple versions of mapreduce frameworks (including their UI) on the same Hadoop cluster, it has significant
> implication for the security of webapps (Please do not discuss company specific vulnerabilities
> Requirements:
> # Secure authentication for AM (for app/job level ACLs).
> # Webapp security should be optional via site configuration.
> # Support existing pluggable single sign on mechanisms.
> # Should not require per app/user configuration for deployment.
> # Should not require special site-wide DNS configuration for deployment.
> This is the top jira for webapp security. A design doc/notes of threat-modeling and counter measures will be posted on the wiki.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
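
The escaping gap named in the comment above (only the application id encoded, link embedded unescaped in the warning page), shown as an added example that is not part of the original message or of the Hadoop patch. The class and method names, the host name and the sample path are hypothetical, and the request path is assumed to be already percent-decoded.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration; class, method names and sample values are hypothetical.
public class WarnPageLink {

    // Percent-encode a single, already-decoded path component.
    static String encodeSegment(String segment) throws URISyntaxException {
        // The multi-argument URI constructor quotes '%' and every character
        // that is not legal in a path; toASCIIString() also encodes non-ASCII.
        return new URI(null, null, "/" + segment, null).toASCIIString().substring(1);
    }

    // Encode every component of the request path, not only the application id.
    static String encodePath(String decodedPath) throws URISyntaxException {
        String[] parts = decodedPath.split("/", -1);
        for (int i = 0; i < parts.length; i++) {
            parts[i] = encodeSegment(parts[i]);
        }
        return String.join("/", parts);
    }

    // HTML-escape text before it is written into the page or an attribute.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }

    // Build the link for the warning page: URL-encode first, then HTML-escape.
    static String warnLink(String base, String decodedPath) throws URISyntaxException {
        String href = escapeHtml(base + encodePath(decodedPath));
        return "<a href=\"" + href + "\">" + href + "</a>";
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed request path: the last component carries markup.
        String path = "/proxy/application_1319634000000_0001/job\"><img src=x>";
        System.out.println(warnLink("http://rm.example.com:8088", path));
    }
}
```

The two layers are independent: percent-encoding keeps each component inside the URL path, and HTML escaping keeps the resulting string inside the attribute and text node it is written into.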

