[
https://issues.apache.org/jira/browse/MAPREDUCE-2057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12907681#action_12907681
]
Allen Wittenauer commented on MAPREDUCE-2057:
---------------------------------------------
>From a security perspective, the patches coming in 0.22 will make sure that a
>host is who it says it is by requiring Kerberized credentials. (ignoring
>some recognized MITM and IP spoofing attacks which the community has made the
>conscious choice to defer fixing)
That said, it would be better if Hadoop in general took the IP addr, reverse
resolved, and then compared that to the config.
> Job Tracker appears to do host access-control (mapred.hosts,
> mapred.hosts.exclude) based on presented name from TaskTracker
> ---------------------------------------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-2057
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2057
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: jobtracker
> Affects Versions: 0.20.1
> Environment: Hadoop 0.20.1 - cloudera distribution, multihomed
> environment.
> Reporter: Matthew Byng-Maddick
>
> As far as I can tell, where the NameNode, in validating the dfs.hosts and
> dfs.hosts.exclude files uses the source IP address for the RPC connection,
> the JobTracker appears to use the presented hostname (set via slave.host.name
> or the standard hostname-search semantics) from the TaskTracker. Obviously
> this is a security bug as in a production environment it could allow rogue
> machines to present the hostname of a real TaskTracker and take over that
> role, but it also turns up as a configuration bug because it means that you
> can set up a (multi-homed, natch) environment where the same set of files
> work for the NameNode, but don't for the JobTracker or vice versa - with the
> same binding hostname for fs.default.name and mapred.job.tracker.
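The check suggested in the comment above (take the connection's source IP, reverse resolve it, compare the result to the configured host lists), set beside the presented-name check the issue describes. This is an added example, not Hadoop code; it goes one step beyond the comment by also forward-confirming the reverse name. The function names, the injected resolver callables and the sample DNS data are assumptions constructed for illustration.

```python
import ipaddress

def _norm(name):
    return name.lower().rstrip(".")

def load_hosts(text):
    """Parse include/exclude file contents: whitespace-separated hosts."""
    return {_norm(tok) for tok in text.split()}

def name_based_admit(presented_name, include, exclude):
    """The behaviour the issue describes: trust the name the client presents."""
    name = _norm(presented_name)
    return name not in exclude and (not include or name in include)

def ip_based_admit(source_ip, include, exclude, reverse, forward):
    """Decide from the connection's source IP. Returns (allowed, name, reason).

    reverse(ip) -> PTR name or None and forward(name) -> list of IPs are
    injected resolvers (an assumption of this example) so it runs offline.
    """
    ip = str(ipaddress.ip_address(source_ip))
    ptr = reverse(ip)
    if ptr is None:
        return False, None, "no PTR record for source IP"
    name = _norm(ptr)
    # Forward-confirm: whoever controls the PTR zone can claim any name,
    # so the name must also resolve back to the same address.
    if ip not in {str(ipaddress.ip_address(a)) for a in forward(name)}:
        return False, name, "reverse name does not resolve back to source IP"
    if name in exclude or ip in exclude:
        return False, name, "host is excluded"
    # Assumed semantics: an empty include list admits any non-excluded host.
    if include and name not in include and ip not in include:
        return False, name, "host not in include list"
    return True, name, "ok"

# Constructed sample data (documentation addresses), not taken from the issue.
PTR = {"192.0.2.11": "tt01.example.com.", "192.0.2.99": "tt02.example.com.",
       "198.51.100.7": "node7.example.net."}
A = {"tt01.example.com": ["192.0.2.11"], "tt02.example.com": ["192.0.2.12"],
     "node7.example.net": ["198.51.100.7"]}
INCLUDE = load_hosts("tt01.example.com\ntt02.example.com\n")
EXCLUDE = load_hosts("")

def check(source_ip):
    return ip_based_admit(source_ip, INCLUDE, EXCLUDE, PTR.get,
                          lambda name: A.get(name, []))
```

A caller can compare the returned name with the name the TaskTracker presented and log any mismatch, which also surfaces the multi-homed configuration drift the reporter mentions.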