Job Tracker appears to do host access-control (mapred.hosts,
mapred.hosts.exclude) based on presented name from TaskTracker
---------------------------------------------------------------------------------------------------------------------------
Key: MAPREDUCE-2057
URL: https://issues.apache.org/jira/browse/MAPREDUCE-2057
Project: Hadoop Map/Reduce
Issue Type: Bug
Components: jobtracker
Affects Versions: 0.20.1
Environment: Hadoop 0.20.1 - cloudera distribution, multihomed
environment.
Reporter: Matthew Byng-Maddick
As far as I can tell, where the NameNode, in validating the dfs.hosts and
dfs.hosts.exclude files uses the source IP address for the RPC connection, the
JobTracker appears to use the presented hostname (set via slave.host.name or
the standard hostname-search semantics) from the TaskTracker. Obviously this is
a security bug as in a production environment it could allow rogue machines to
present the hostname of a real TaskTracker and take over that role, but it also
turns up as a configuration bug because it means that you can set up a
(multi-homed, natch) environment where the same set of files work for the
NameNode, but don't for the JobTracker or vice versa - with the same binding
hostname for fs.default.name and mapred.job.tracker.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
