[
https://issues.apache.org/jira/browse/MAPREDUCE-1418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12849304#action_12849304
]
Ravi Gummadi commented on MAPREDUCE-1418:
-----------------------------------------
May be a related to this JIRA. I don't see any special validation done for the
method kill_user_task() in task-controller. If an arbitrary user can launch
task-controller, then he can kill any process by specifying the process-id as
an argument and process-owner as another argument to task-controller. Can we
somehow validate the arguments passed to kill_user_task() in task-controller ?
> LinuxTaskController binary misses validation of arguments passed for relative
> components in some cases.
> -------------------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-1418
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1418
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: security, tasktracker
> Reporter: Vinod K V
> Assignee: Hemanth Yamijala
> Attachments: MAPREDUCE-1418.patch
>
>
> The function {{int check_path_for_relative_components(char * path)}} should
> be used to validate the absence of relative components before any operation
> is done on those paths. This is missed in all the {{initialize*()}}
> functions, as Hemanth pointed out offline.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
