[jira] Commented: (MAPREDUCE-899) When using LinuxTaskController, localized files may become accessible to unintended users if permissions are misconfigured.

[Hemanth Yamijala (JIRA)]

    [ 
https://issues.apache.org/jira/browse/MAPREDUCE-899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12805814#action_12805814
 ] 

Hemanth Yamijala commented on MAPREDUCE-899:
--------------------------------------------

I think we can simplify the approach still. 

Please note that on other JIRAs, we have assumed that the task-controller 
binary would be set up with permissions and ownership that prevent misuse. 
Specifically, the binary would be setuid/setgid executable, owned by root/a 
special group, and importantly, other users will not have any permissions. I 
had proposed on this JIRA earlier on that we trust administrators to setup the 
special group correctly and specify it in the taskcontroller.cfg file. 

Following up on this, I think if we verify that only root and the admin 
specified group can execute the file in a setuid mode, then I think we are 
pretty much done. We should specifically check that others *cannot* execute the 
file. Can we change the approach in the patch to match this ? Any concerns ?

> When using LinuxTaskController, localized files may become accessible to 
> unintended users if permissions are misconfigured.
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-899
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-899
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: tasktracker
>            Reporter: Vinod K V
>            Assignee: Amareshwari Sriramadasu
>             Fix For: 0.22.0
>
>         Attachments: MAPREDUCE-899-20090828.txt, patch-899-1.txt, 
> patch-899-2.txt, patch-899-3.txt, patch-899-4.txt, patch-899.txt
>
>
> To enforce the accessibility of job files to only the job-owner and the 
> TaskTracker, as per MAPREDUCE-842, it is _trusted_ that the  setuid/setgid 
> linux TaskController binary is group owned by a _special group_ to which only 
> TaskTracker belongs and not just any group to which TT belongs. If the trust 
> is broken, possibly due to misconfiguration by admins, the local files become 
> accessible to unintended users, yet giving false sense of security to the 
> admins.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.