[
https://issues.apache.org/jira/browse/HADOOP-5420?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sreekanth Ramakrishnan updated HADOOP-5420:
-------------------------------------------
Attachment: hadoop-5420-8.patch
Attaching new patch with few changes to code based on internal testing results:
* It was found that users could execute arbitrary scripts using task-controller
binary by directly invoking binary in their tasks and using relative paths to
point to that script. So following checks are added, all constructed paths in
binary are resolved and checked if the resolved path and absolute path are one
and same. Second check was added to check if the taskjvm.sh is actually owned
by task-tracker. If the file is not owned by the task-tracker. The binary would
not execute the script.
* Changed documentation to note the fact that, the binary's group ownership
should be that of task-tracker and cluster users should not be part of this
group. The suggested permission of the task-controller has been changed to 4510.
* Removed pid writing by task tracker.
> Support killing of process groups in LinuxTaskController binary
> ---------------------------------------------------------------
>
> Key: HADOOP-5420
> URL: https://issues.apache.org/jira/browse/HADOOP-5420
> Project: Hadoop Core
> Issue Type: Bug
> Reporter: Sreekanth Ramakrishnan
> Assignee: Sreekanth Ramakrishnan
> Attachments: hadoop-5420-1.patch, hadoop-5420-2.patch,
> hadoop-5420-3.patch, hadoop-5420-4.patch, hadoop-5420-5.patch,
> hadoop-5420-6.patch, hadoop-5420-7.patch, hadoop-5420-8.patch,
> hadoop-5420.patch
>
>
> Support setsid based kill in LinuxTaskController.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
