[ https://issues.apache.org/jira/browse/STORM-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14034187#comment-14034187 ]
ASF GitHub Bot commented on STORM-357:
--------------------------------------
Github user revans2 commented on the pull request:
https://github.com/apache/incubator-storm/pull/144#issuecomment-46347409
Thanks Derek, the change looks good. I ran some manual tests and it looks
to be working well. +1. I'll merge this into security.
> [security] Supervisors can fail to clean up worker files properly
> -----------------------------------------------------------------
>
> Key: STORM-357
> URL: https://issues.apache.org/jira/browse/STORM-357
> Project: Apache Storm (Incubating)
> Issue Type: Bug
> Reporter: Derek Dagit
> Assignee: Derek Dagit
>
> The "worker launcher" script is used to perform a variety of tasks as a
> specific user. This requires launching a separate process.
> After a worker is shut down, the supervisor uses the "worker launcher" script
> to clean up after workers with its "rmr" command. This command could fail
> for any number of reasons, just as backtype.storm.util/rmr could fail. But
> the "worker launcher" script merely sets the exit code of the process to
> non-zero, and that does not result in a thrown exception.
> As a result, logic in supervisor.clj clean-up code is bypassed, and it
> proceeds to delete the file in workers-users, which is critical for any
> subsequent attempts at cleanup without intervention by a privileged user.
> The symptom is repeated messages warning that cleanup fails because the
> original user is unknown. It rolls log files and can fill the disk with dead
> worker directories.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
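
The failure mode described in the issue, as an added example that is not code from Storm or from the pull request: the caller turns the helper's non-zero exit status into an exception and keeps the owner record until removal has actually succeeded. The helper commands, the directory layout and the names `run_helper`, `cleanup_worker` and `owner_file` are constructed stand-ins for the worker launcher and the workers-users entry.

```python
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path


class HelperFailed(RuntimeError):
    """Raised when the helper process exits non-zero."""


def run_helper(argv):
    # A non-zero exit status is only a number until the caller checks it;
    # turn it into an exception so the failure cannot be silently skipped.
    proc = subprocess.run(argv, capture_output=True, text=True)
    if proc.returncode != 0:
        raise HelperFailed(f"{argv[0]} exited {proc.returncode}: {proc.stderr.strip()}")


def cleanup_worker(worker_dir, owner_file, rmr_argv):
    """Remove worker_dir through the helper; delete the owner record only on success."""
    try:
        run_helper(rmr_argv)
    except HelperFailed:
        return False  # owner record kept, so a later retry still knows the user
    if worker_dir.exists():
        return False  # helper reported success but files remain
    owner_file.unlink(missing_ok=True)
    return True


def demo():
    # Constructed layout: one worker directory plus its owner record.
    root = Path(tempfile.mkdtemp())
    try:
        worker_dir = root / "workers" / "w1"
        worker_dir.mkdir(parents=True)
        owner_file = root / "workers-users" / "w1"
        owner_file.parent.mkdir()
        owner_file.write_text("alice")
        # Hypothetical stand-ins for the helper: one that fails, one that removes the tree.
        failing = [sys.executable, "-c", "import sys; sys.exit(1)"]
        working = [sys.executable, "-c",
                   "import shutil, sys; shutil.rmtree(sys.argv[1])", str(worker_dir)]
        first = cleanup_worker(worker_dir, owner_file, failing)
        kept = owner_file.exists()
        second = cleanup_worker(worker_dir, owner_file, working)
        return first, kept, second, owner_file.exists(), worker_dir.exists()
    finally:
        shutil.rmtree(root, ignore_errors=True)
```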