hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vrushali C (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-3401) [Security] users should not be able to create a generic TimelineEntity and associate arbitrary type
Date Wed, 04 Apr 2018 06:26:00 GMT

    [ https://issues.apache.org/jira/browse/YARN-3401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16425070#comment-16425070
] 

Vrushali C commented on YARN-3401:
----------------------------------

This discussion came up in YARN-6936 , thanks [~haibochen] for the points on that jira. We
should consider the situations when the AM could be writing entities maliciously and overwriting
system written entities. 

> [Security] users should not be able to create a generic TimelineEntity and associate
arbitrary type
> ---------------------------------------------------------------------------------------------------
>
>                 Key: YARN-3401
>                 URL: https://issues.apache.org/jira/browse/YARN-3401
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Sangjin Lee
>            Priority: Major
>              Labels: YARN-5355
>
> IIUC it is possible for users to create a generic TimelineEntity and set an arbitrary
entity type. For example, for a YARN app, the right entity API is ApplicationEntity. However,
today nothing stops users from instantiating a base TimelineEntity class and set the application
type on it. This presents a problem in handling these YARN system entities in the storage
layer for example.
> We need to ensure that the API allows only the right type of the class to be created
for a given entity type.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message