Return-Path: 
 <mapreduce-issues-return-51341-apmail-hadoop-mapreduce-issues-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-mapreduce-issues-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-mapreduce-issues-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id E4B03D6C7
	for <apmail-hadoop-mapreduce-issues-archive@minotaur.apache.org>;
 Mon, 27 Aug 2012 16:10:08 +0000 (UTC)
Received: (qmail 26532 invoked by uid 500); 27 Aug 2012 16:10:08 -0000
Delivered-To: apmail-hadoop-mapreduce-issues-archive@hadoop.apache.org
Received: (qmail 26459 invoked by uid 500); 27 Aug 2012 16:10:08 -0000
Mailing-List: contact mapreduce-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:mapreduce-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:mapreduce-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:mapreduce-issues@hadoop.apache.org>
List-Id: <mapreduce-issues.hadoop.apache.org>
Reply-To: mapreduce-issues@hadoop.apache.org
Delivered-To: mailing list mapreduce-issues@hadoop.apache.org
Received: (qmail 26447 invoked by uid 99); 27 Aug 2012 16:10:08 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 27 Aug 2012 16:10:08 +0000
Date: Tue, 28 Aug 2012 03:10:08 +1100 (NCT)
From: "Daryn Sharp (JIRA)" <jira@apache.org>
To: mapreduce-issues@hadoop.apache.org
Message-ID: <1328581055.1782.1346083808657.JavaMail.jiratomcat@arcas>
In-Reply-To: 
 <913076037.17482.1311911049548.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] [Commented] (MAPREDUCE-2743) [MR-279] [Security] AM should
 not be able to abuse container tokens for repetitive container launches
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/MAPREDUCE-2743?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13442498#comment-13442498 ] 

Daryn Sharp commented on MAPREDUCE-2743:
----------------------------------------

On YARN-39, you mentioned reopening this jira.  It's not giving me the option, so can you please follow through?
                
> [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches
> -----------------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-2743
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2743
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: mrv2, nodemanager, security
>    Affects Versions: 0.23.0
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Vinod Kumar Vavilapalli
>            Priority: Blocker
>             Fix For: 0.23.0
>
>
> ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.
> A cache of recent containers on the NM along with container token expiry time should solve this.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira