hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-5836) Malicious AM can kill containers of other apps running in any node its containers are running
Date Wed, 16 Nov 2016 22:41:58 GMT

    [ https://issues.apache.org/jira/browse/YARN-5836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15671904#comment-15671904
] 

Hudson commented on YARN-5836:
------------------------------

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #10849 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/10849/])
YARN-5836. Malicious AM can kill containers of other apps running in any (jlowe: rev 59bfcbf3579e45ddf96db3aafccf669c8e03648f)
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/TestContainerManager.java
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/ContainerManagerImpl.java
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/BaseContainerManagerTest.java
* (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/test/java/org/apache/hadoop/yarn/server/nodemanager/TestContainerManagerWithLCE.java


> Malicious AM can kill containers of other apps running in any node its containers are
running
> ---------------------------------------------------------------------------------------------
>
>                 Key: YARN-5836
>                 URL: https://issues.apache.org/jira/browse/YARN-5836
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>            Reporter: Botong Huang
>            Assignee: Botong Huang
>            Priority: Minor
>         Attachments: YARN-5836.v1.patch, YARN-5836.v2.patch
>
>   Original Estimate: 5h
>  Remaining Estimate: 5h
>
> When AM calls NM via {{ContainerManagementProtocol}}, the NMToken is suppied for authentication.
The RPC server will verify the password of NMToken (originally generated by RM) so that we
know the content of NMTokenIdentifier is geniune. 
> Next, for {{stopContainers()}} and {{getContainerStatus()}}, method {{authorizeGetAndStopContainerRequest()}}
is used to verify that the requsted containers do belong to the AM by comparing them against
the AppId in NMTokenIdentifier. However, right now when the appId doesn't match, {{authorizeGetAndStopContainerRequest()}}
only log a warning message and continues to kill the container... Overall a malicious AM can
kill containers of other apps running in any node its containers are running. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message