[jira] [Commented] (HDFS-3618) SSH fencing option may incorrectly succeed if nc (netcat) command not present

Tue, 10 Jan 2017 12:31:59 -0800 

    [ 
https://issues.apache.org/jira/browse/HDFS-3618?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15816079#comment-15816079
 ] 

Wei-Chiu Chuang commented on HDFS-3618:
---------------------------------------

I like the idea of making ssh fencing command configurable.

* Is it vulnerable to remote command injection?
* Some Linux distro do not support nc with -z option. Should we also make that 
configurable? Like for example, make default value of 
{{dfs.ha.fencing.ssh.nc-command}} as {{nc -z}}.

> SSH fencing option may incorrectly succeed if nc (netcat) command not present
> -----------------------------------------------------------------------------
>
>                 Key: HDFS-3618
>                 URL: https://issues.apache.org/jira/browse/HDFS-3618
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: auto-failover
>    Affects Versions: 2.0.0-alpha
>            Reporter: Brahma Reddy Battula
>            Assignee: Vinayakumar B
>              Labels: BB2015-05-TBR
>         Attachments: HDFS-3618-04.patch, HDFS-3618.patch, HDFS-3618.patch, 
> HDFS-3618.patch, zkfc.txt, zkfc_threaddump.out
>
>
> Started NN's and zkfc's in Suse11.
> Suse11 will have netcat installation and netcat -z will work(but nc -z wn't 
> work)..
> While executing following command, got command not found hence rc will be 
> other than zero and assuming that server was down..Here we are ending up 
> without checking whether service is down or not..
> {code}
> LOG.info(
>             "Indeterminate response from trying to kill service. " +
>             "Verifying whether it is running using nc...");
>         rc = execCommand(session, "nc -z " + serviceAddr.getHostName() +
>             " " + serviceAddr.getPort());
>         if (rc == 0) {
>           // the service is still listening - we are unable to fence
>           LOG.warn("Unable to fence - it is running but we cannot kill it");
>           return false;
>         } else {
>           LOG.info("Verified that the service is down.");
>           return true;          
>         }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to