[
https://issues.apache.org/jira/browse/HADOOP-12687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15089072#comment-15089072
]
Vinayakumar B commented on HADOOP-12687:
----------------------------------------
bq. It essentially undoes the security check in getByExactName(). When doing hostname lookups, the hostname must be rooted (“.” added to the end to avoid the security hole in RFC 1535). This patch undoes that check.

After seeing RFC 1535, I agree that a direct lookup without a trailing dot may
connect to an unauthorized machine or the wrong machine after searching through
different search domains.

But in the current case, with the patch, the direct lookup is done after all
checks are done, including the trailing dot and search domains.
Is it still an RFC violation to look up the direct host?

The code below itself throws {{UnknownHostException}}, i.e. it's not able to
resolve its own hostname. This happens only on Linux (Ubuntu); it works fine on
Windows, though.
{code}
SecurityUtil.getByName(InetAddress.getLocalHost().getHostName())
{code}

> SecureUtil#getByName should also try to resolve direct hostname, in case
> multiple loopback addresses are present in /etc/hosts
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-12687
> URL: https://issues.apache.org/jira/browse/HADOOP-12687
> Project: Hadoop Common
> Issue Type: Bug
> Reporter: Junping Du
> Assignee: Sunil G
> Labels: security
> Attachments: 0001-YARN-4352.patch, 0002-YARN-4352.patch,
> 0003-HADOOP-12687.patch, 0004-HADOOP-12687.patch
>
>
> From
> https://builds.apache.org/job/PreCommit-YARN-Build/9661/artifact/patchprocess/patch-unit-hadoop-yarn-project_hadoop-yarn_hadoop-yarn-client-jdk1.7.0_79.txt,
> we can see the tests in TestYarnClient, TestAMRMClient and TestNMClient
> time out, which can be reproduced locally.
> When {{/etc/hosts}} has multiple loopback entries,
> {{InetAddress.getByName(null)}} will return the first entry present in
> {{/etc/hosts}}. Hence it's possible that the machine hostname can be second in
> the list and cause {{UnknownHostException}}.
> Suggesting a direct resolve for such hostname scenarios.
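
As an added illustration of the RFC 1535 concern discussed in the comment above (not part of the original message and not Hadoop's code): a simplified model of resolv.conf-style {{search}}/{{ndots}} handling, showing which names a stub resolver would try for an unrooted hostname versus a rooted one. The class name, sample hostnames, search domains and ndots value are constructed for the example.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Added illustration, not Hadoop code: models the order in which a stub
 *  resolver tries names under resolv.conf-style "search"/"ndots" rules. */
public class SearchListDemo {

    /** Returns the fully qualified names that would be queried, in order. */
    static List<String> candidates(String name, List<String> search, int ndots) {
        List<String> out = new ArrayList<>();
        if (name.endsWith(".")) {
            // Rooted name: the search list is never applied, so only the
            // exact name the caller asked for can answer.
            out.add(name);
            return out;
        }
        long dots = name.chars().filter(c -> c == '.').count();
        if (dots >= ndots) {
            out.add(name + ".");                 // tried as absolute first
        }
        for (String domain : search) {
            // Each of these is a different host from the one intended if the
            // absolute name fails to resolve and one of them exists.
            out.add(name + "." + domain + ".");
        }
        if (dots < ndots) {
            out.add(name + ".");                 // absolute name tried last
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample configuration (assumption, not from the issue).
        List<String> search = Arrays.asList("corp.example.com", "example.com");
        int ndots = 1;
        String[] names = {"nn1", "nn1.example.org", "nn1.example.org."};
        for (String n : names) {
            System.out.println(n + " -> " + candidates(n, search, ndots));
        }
    }
}
```

Only the rooted input yields a single candidate; both unrooted inputs can fall through to names under the search domains, which is the situation the trailing-dot check guards against.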