[ https://issues.apache.org/jira/browse/HADOOP-12687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15089072#comment-15089072 ]
Vinayakumar B commented on HADOOP-12687:
----------------------------------------

bq. It essentially undoes the security check in getByExactName(). When doing hostname lookups, the hostname must be rooted ("." added to the end to avoid the security hole in RFC 1535). This patch undoes that check.

After seeing RFC 1535, I agree that a direct lookup without the trailing dot may connect to an unauthorized machine or the wrong machine after searching through different search domains. But in the current case, with the patch, the direct lookup is done after all checks are done, including the trailing dot and search domains. Is it still an RFC violation to look up the direct host?

The below code itself throws {{UnknownHostException}}, i.e. it's not able to resolve its own hostname. This happens only on Linux (Ubuntu); it works fine on Windows, though.

{code}
SecurityUtil.getByName(InetAddress.getLocalHost().getHostName())
{code}

> SecureUtil#getByName should also try to resolve direct hostname, incase multiple loopback addresses are present in /etc/hosts
> -----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-12687
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12687
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Junping Du
>            Assignee: Sunil G
>              Labels: security
>         Attachments: 0001-YARN-4352.patch, 0002-YARN-4352.patch, 0003-HADOOP-12687.patch, 0004-HADOOP-12687.patch
>
>
> From https://builds.apache.org/job/PreCommit-YARN-Build/9661/artifact/patchprocess/patch-unit-hadoop-yarn-project_hadoop-yarn_hadoop-yarn-client-jdk1.7.0_79.txt, we can see the tests in TestYarnClient, TestAMRMClient and TestNMClient time out, which can be reproduced locally.
> When {{/etc/hosts}} has multiple loopback entries, {{InetAddress.getByName(null)}} will be returning the first entry present in {{/etc/hosts}}. Hence it's possible that the machine hostname can be second in the list and cause {{UnknownHostException}}.
> Suggesting a direct resolve for such hostname scenarios.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
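
The trade-off discussed in this message, as an added example that is not part of the original thread and is not Hadoop's code: a small offline model of rooted lookups, search-domain lookups and a direct fallback tried last. All host names, addresses, the search domain and the step order in `guarded` are constructed assumptions for illustration.

```python
# Constructed data; a model of the lookup order under discussion, no network access.
HOSTS_FILE = {"ubuntu-box": "127.0.1.1"}   # hostname on a second loopback entry in /etc/hosts
ZONE = {                                    # absolute DNS names -> address
    "nn1.example.com.": "10.0.0.5",                      # the host the caller means
    "nn1.example.com.corp.example.net.": "203.0.113.9",  # look-alike under a search domain
}
SEARCH = ["corp.example.net"]

def exact(name):
    """Rooted lookup: append the trailing dot so no search domain is applied."""
    return ZONE.get(name if name.endswith(".") else name + ".")

def with_search(name):
    """Try the name under each configured search domain."""
    for domain in SEARCH:
        addr = ZONE.get(f"{name}.{domain}.")
        if addr:
            return addr
    return None

def direct(name):
    """Unrooted lookup modelled as hosts file, then search list, then the name
    as given: the search-list-first behaviour RFC 1535 describes."""
    return HOSTS_FILE.get(name) or with_search(name) or exact(name)

def guarded(name, direct_fallback=False):
    """Rooted and search-domain checks first; the direct lookup only as a last resort."""
    if name.endswith("."):
        steps = [("exact", exact)]
    elif "." in name:
        steps = [("exact", exact), ("search", with_search)]
    else:
        steps = [("search", with_search), ("exact", exact)]
    if direct_fallback:
        steps.append(("direct", direct))
    for label, lookup in steps:
        addr = lookup(name)
        if addr:
            return addr, label
    return None, "unresolved"

if __name__ == "__main__":
    for host in ("nn1.example.com", "ubuntu-box"):
        print(host, direct(host), guarded(host), guarded(host, direct_fallback=True))
```

In this model the fallback changes the result only for a name that every earlier step failed to resolve, which is the case the question in the comment is about.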