[
https://issues.apache.org/jira/browse/MAPREDUCE-2096?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Todd Lipcon updated MAPREDUCE-2096:
-----------------------------------
Resolution: Fixed
Release Note: The TaskTracker now uses the libhadoop JNI library to operate
securely on local files when security is enabled. Secure clusters must ensure
that libhadoop.so is available to the TaskTracker.
Hadoop Flags: [Reviewed]
Status: Resolved (was: Patch Available)
Committed to trunk and 0.22
> Secure local filesystem IO from symlink vulnerabilities
> -------------------------------------------------------
>
> Key: MAPREDUCE-2096
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2096
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: jobtracker, security, tasktracker
> Affects Versions: 0.22.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Blocker
> Fix For: 0.22.0
>
> Attachments: mapreduce-2096-index-oob.txt, mapreduce-2096.2.txt,
> mapreduce-2096.txt, secure-files-9.txt, secure-files-authorized-jvm-fix.txt
>
>
> This JIRA is to contribute a patch developed on the private security@ mailing
> list.
> The vulnerability is that MR daemons occasionally open files that are located
> in a path where the user has write access. A malicious user may place a
> symlink in place of the expected file in order to cause the daemon to instead
> read another file on the system -- one which the attacker may not naturally
> be able to access. This includes delegation tokens belong to other users, log
> files, keytabs, etc.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
