[jira] Updated: (MAPREDUCE-899) When using LinuxTaskController, localized files may become accessible to unintended users if permissions are misconfigured.

Fri, 28 Aug 2009 01:03:27 -0700 

     [ 
https://issues.apache.org/jira/browse/MAPREDUCE-899?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Vinod K V updated MAPREDUCE-899:
--------------------------------

    Attachment: MAPREDUCE-899-20090828.txt

Attaching a patch that does the following:
 - Put in checks in taskcontroller to make sure that permissions are properly 
set.. For this, we check whether task-controller binary is
    -- set setuid and setgid bits
    -- user-owned by root
    -- group-owned by a special group to which only TT is a member. To check 
this, we
        --- scan the entry in group database for the special group and make 
sure it has only one member which is the tt_user
        --- scan all the entries in passwd database and make sure that only 
tt_user has the special group as its primary group.
 - The checks are made whenever task-controller binary is used in various 
operations like initialize_job, intialize_task etc.
 - The check is also made during TT start up so as to fail early in case. This 
is done by a plain run of the task-controller binary.

No new tests are included, existing tests  test this issue when combined with 
various combinations of ownership on the binary.



> When using LinuxTaskController, localized files may become accessible to 
> unintended users if permissions are misconfigured.
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-899
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-899
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: tasktracker
>            Reporter: Vinod K V
>            Assignee: Vinod K V
>         Attachments: MAPREDUCE-899-20090828.txt
>
>
> To enforce the accessibility of job files to only the job-owner and the 
> TaskTracker, as per MAPREDUCE-842, it is _trusted_ that the  setuid/setgid 
> linux TaskController binary is group owned by a _special group_ to which only 
> TaskTracker belongs and not just any group to which TT belongs. If the trust 
> is broken, possibly due to misconfiguration by admins, the local files become 
> accessible to unintended users, yet giving false sense of security to the 
> admins.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to