[ https://issues.apache.org/jira/browse/MAPREDUCE-1991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12894824#action_12894824 ]
Todd Lipcon commented on MAPREDUCE-1991:
----------------------------------------
Yeah, I think switching the order of the checks should be good enough. Or if
it's not used, let's get rid of it - this code is scary since it's mostly
running as root, so the simpler we can make it, the better!

If it's still useful, could we open the log file as the tasktracker user
instead of as root? We can always setuid down to the mapred user, then setuid
back up to root when we need it.
> taskcontroller allows stealing permissions on any local file
> ------------------------------------------------------------
>
> Key: MAPREDUCE-1991
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1991
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: task-controller
> Affects Versions: 0.21.0, 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
>
> The linux task-controller setuid binary allows a malicious user to chmod any
> file on the system to 644 (and as a side effect appends some junk to the end)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
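
The approach suggested in the comment above (open the log file with the unprivileged user's credentials, then return to root), as an added example that is not part of the original message or of Hadoop's task-controller code. The helper name `open_log_as_user`, its parameters and the `O_NOFOLLOW` flag are assumptions; it uses `seteuid()`/`setegid()` rather than `setuid()`, because only the effective IDs can be switched back to root afterwards.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open a log file with the effective uid/gid of the
 * unprivileged account, so the kernel applies that account's permission
 * checks to the path. Supplementary groups are not changed here.
 * Returns an fd, or -1 with errno set. */
int open_log_as_user(const char *path, uid_t uid, gid_t gid)
{
    uid_t saved_uid = geteuid();
    gid_t saved_gid = getegid();
    int fd = -1, err = 0;

    /* Group first: once the euid is unprivileged, changing the gid may fail. */
    if (setegid(gid) != 0)
        return -1;
    if (seteuid(uid) != 0) {
        err = errno;
    } else {
        /* O_NOFOLLOW refuses a symlink planted as the final path component. */
        fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0644);
        if (fd < 0)
            err = errno;
    }
    /* Regain privileges in reverse order; the saved set-user-ID still holds
     * the original euid. If this fails, stop instead of running on with
     * unknown credentials. */
    if (seteuid(saved_uid) != 0 || setegid(saved_gid) != 0)
        abort();
    errno = err;
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s LOGFILE UID GID\n", argv[0]);
        return 2;
    }
    int fd = open_log_as_user(argv[1], (uid_t)atoi(argv[2]), (gid_t)atoi(argv[3]));
    if (fd < 0) { perror("open_log_as_user"); return 1; }
    return close(fd);
}
```

Any later permission change on the log is best made with `fchmod()` on the returned descriptor rather than by path, so it applies to the file that was actually opened.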