hadoop-yarn-issues mailing list archives

From "Jason Lowe (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (YARN-5836) Malicious AM can kill containers of other apps running in any node its containers are running
Date Tue, 15 Nov 2016 20:48:00 GMT

     [ https://issues.apache.org/jira/browse/YARN-5836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Lowe updated YARN-5836:
-----------------------------
    Summary: Malicious AM can kill containers of other apps running in any node its containers
are running  (was: ContainerManagerImpl not throwing exception when AppId in NMTokenIdentifier
does not match containerId to kill. Malicious AM can kill containers of other apps running
in any node its containers are running)

Simplifying the summary to describe the symptom rather than detail the fix.

Thanks for the patch!  Looks good to me pending a Jenkins result.



> Malicious AM can kill containers of other apps running in any node its containers are running
> ---------------------------------------------------------------------------------------------
>
>                 Key: YARN-5836
>                 URL: https://issues.apache.org/jira/browse/YARN-5836
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>            Reporter: Botong Huang
>            Assignee: Botong Huang
>            Priority: Minor
>         Attachments: YARN-5836.v1.patch
>
>   Original Estimate: 5h
>  Remaining Estimate: 5h
>
> When AM calls NM via {{ContainerManagementProtocol}}, the NMToken is supplied for authentication. The RPC server will verify the password of NMToken (originally generated by RM) so that we know the content of NMTokenIdentifier is genuine.
> Next, for {{stopContainers()}} and {{getContainerStatus()}}, method {{authorizeGetAndStopContainerRequest()}} is used to verify that the requested containers do belong to the AM by comparing them against the AppId in NMTokenIdentifier. However, right now when the appId doesn't match, {{authorizeGetAndStopContainerRequest()}} only logs a warning message and continues to kill the container... Overall a malicious AM can kill containers of other apps running in any node its containers are running.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org
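
The log-and-continue check described in the issue, next to a fail-closed version that throws on an AppId mismatch. This is an added example, not code from YARN-5836.v1.patch or from Hadoop: every class, method and id below is a hypothetical stand-in, and it assumes Java 16 or later for records.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model of the check described in YARN-5836. Every type and name
// below is a hypothetical stand-in, not a Hadoop class.
public class StopContainerAuthz {
    record TokenIdentifier(String appId) {}               // from a verified NMToken
    record Container(String containerId, String appId) {} // container and its owner

    static class UnauthorizedException extends Exception {
        UnauthorizedException(String msg) { super(msg); }
    }

    // Behaviour the issue reports: a mismatch is logged and the call returns normally.
    static void authorizeLogOnly(TokenIdentifier token, Container c) {
        if (!token.appId().equals(c.appId())) {
            System.err.println("WARN: " + token.appId() + " does not own " + c.containerId());
        }
    }

    // Fail-closed form: a mismatch throws before any side effect can happen.
    static void authorizeStrict(TokenIdentifier token, Container c)
            throws UnauthorizedException {
        if (!token.appId().equals(c.appId())) {
            throw new UnauthorizedException(token.appId() + " does not own " + c.containerId());
        }
    }

    // Returns the ids of the containers that would actually be stopped.
    static List<String> stopContainers(TokenIdentifier token, List<Container> req, boolean strict) {
        List<String> stopped = new ArrayList<>();
        for (Container c : req) {
            try {
                if (strict) authorizeStrict(token, c); else authorizeLogOnly(token, c);
                stopped.add(c.containerId());
            } catch (UnauthorizedException e) {
                System.err.println("DENIED: " + e.getMessage());
            }
        }
        return stopped;
    }

    public static void main(String[] args) {
        // Constructed sample: two applications with containers on the same node.
        TokenIdentifier caller = new TokenIdentifier("application_0001");
        List<Container> req = List.of(
            new Container("container_0001_01", "application_0001"),
            new Container("container_0002_01", "application_0002"));
        System.out.println("log-only: " + stopContainers(caller, req, false));
        System.out.println("strict:   " + stopContainers(caller, req, true));
    }
}
```

In the log-only path the token is authentic in both requests, so authentication alone does not stop the second container from being included; only the thrown exception does.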

