[
https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12753990#action_12753990
]
Owen O'Malley commented on MAPREDUCE-181:
-----------------------------------------
Ok, Arun and I discussed this offline and came up with the following proposal.
We put everything about the job into the job's staging area (~/.staging/$jobid)
* job conf
* the serialized bytes of the input splits
* the meta data for the splits (offset of split serialization, number of bytes
in split, list of locations for split) for each split
* job jar
One last file that we need is because this effectively becomes interface is:
* _version that contains the storage version (1.0 to start with)
The advantages are:
* The JobTracker doesn't need to do any writes to HDFS, just reads
* The space counts against the user's quota on their home directory
* Small RPC message
* The job definition isn't split in two different places
The disadvantages are:
* Need versioning (so that hadoop 1.0 clients will work with hadoop 1.1
JobTrackers)
* The job tracker is reading xml written by user code (need to move to binary
eventually)
* The user can accidentally kill all of their jobs.
> Secure job submission
> ----------------------
>
> Key: MAPREDUCE-181
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-181
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Reporter: Amar Kamat
> Assignee: Amar Kamat
> Attachments: hadoop-3578-branch-20-example-2.patch,
> hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch,
> HADOOP-3578-v2.7.patch, MAPRED-181-v3.8.patch
>
>
> Currently the jobclient accesses the {{mapred.system.dir}} to add job
> details. Hence the {{mapred.system.dir}} has the permissions of
> {{rwx-wx-wx}}. This could be a security loophole where the job files might
> get overwritten/tampered after the job submission.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
