hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-2743) [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
Date Mon, 27 Aug 2012 16:12:08 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13442501#comment-13442501
] 

Daryn Sharp commented on MAPREDUCE-2743:
----------------------------------------

(Just for context: although the tokens have an expiration, they don't really expire when the
job completes which allows them to be reused until the maximum lifetime expires)
                
> [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container
launches
> -----------------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-2743
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: mrv2, nodemanager, security
>    Affects Versions: 0.23.0
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Blocker
>             Fix For: 0.23.0
>
>
> ApplicationMaster should not be able to store container tokens and use the same set of
tokens for repetitive container launches. The possibility of such abuse is there in the current
code, we need to fix this.
> A cache of recent containers on the NM along with container token expiry time should
solve this.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message