hadoop-yarn-issues mailing list archives

From "Omkar Vinit Joshi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-578) NodeManager should use SecureIOUtils for serving and aggregating logs
Date Tue, 21 May 2013 00:27:16 GMT

    [ https://issues.apache.org/jira/browse/YARN-578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13662504#comment-13662504 ]

Omkar Vinit Joshi commented on YARN-578:
----------------------------------------

Thanks Vinod.

bq. Instead of matching messages in the exception block, why not separate the try {} catch
{} block for the SecureIOUtils check?

No.. as both of them are throwing IOException only (with different messages.. should we fix
the exception type for both of them??) and they will occur for the same SecureIOUtils.open
call.

bq. The exception message is confusing. Let us say that the authenticated user is foo and
the application-submitter is bar. The message talks about bar not having permissions to read
the file which is totally confusing to foo. We should instead say something in the lines of
"The log-file generated by the application-submitter foo has invalid permissions, so not showing
etc.."

Updated the message.

bq. You don't need the unnecessary string concatenation: ' doesn't have permissions to read
" + "log file :"

Yeah fixed it.

bq. LogAggregationService can ignore these permissions and upload sensitive files! Please
fix this and write a test to verify that it doesn't happen.

Fixed. Added test.

bq. It seems like when logs are deleted, we are using the correct user to delete them. But
can you write tests to validate this for two cases (1) when log-aggregation is enabled and
(2) when it isn't.

1) Added test for it.
2) Is already verified.


                
> NodeManager should use SecureIOUtils for serving and aggregating logs
> ---------------------------------------------------------------------
>
>                 Key: YARN-578
>                 URL: https://issues.apache.org/jira/browse/YARN-578
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: nodemanager
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Omkar Vinit Joshi
>         Attachments: yarn-578-20130426.patch, YARN-578-20130506.patch, YARN-578-20130520.patch
>
>
> Log servlets for serving logs and the ShuffleService for serving intermediate outputs
> both should use SecureIOUtils for avoiding symlink attacks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
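
Added example (not part of the JIRA message or the YARN-578 patch): a Python sketch of the owner-checked open that the issue asks log serving and log aggregation to use, where the file is opened first and its owner is then read from the descriptor with fstat. The function and exception names and the uids are hypothetical, and the temporary files are constructed sample input.

```python
import os
import tempfile


class InsecureLogFile(IOError):
    """Raised when the opened file is not owned by the expected user."""


def open_for_read_checked(path, expected_uid):
    # Open first, then inspect the descriptor. fstat() describes the file
    # that was actually opened, so the result cannot be changed by swapping
    # a symlink in after a path-based stat() check.
    fd = os.open(path, os.O_RDONLY)
    try:
        st = os.fstat(fd)
        if st.st_uid != expected_uid:
            raise InsecureLogFile(
                "owner uid %d of %s does not match expected uid %d"
                % (st.st_uid, path, expected_uid))
        return os.fdopen(fd, "rb")
    except Exception:
        os.close(fd)
        raise


def demo():
    """Constructed scenario: a log dir holding a symlink named like a log."""
    me = os.getuid()
    other = me + 1  # assumed stand-in uid for a different application submitter
    results = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "target.txt")
        with open(target, "w") as f:
            f.write("secret\n")
        link = os.path.join(d, "syslog")
        os.symlink(target, link)  # "log file" that points somewhere else
        # Link target is owned by the expected user: nothing is exposed
        # that this user could not already read, so it is served.
        with open_for_read_checked(link, me) as f:
            results["owner_matches"] = f.read()
        # Link target is owned by someone other than the expected user:
        # the server must refuse instead of serving or uploading it.
        try:
            open_for_read_checked(link, other).close()
            results["owner_differs"] = "served"
        except InsecureLogFile:
            results["owner_differs"] = "refused"
    return results
```

The same check applies on both paths discussed in the comment: before a log is streamed to a web user and before it is uploaded by log aggregation.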
