[jira] Updated: (MAPREDUCE-2178) Race condition in LinuxTaskController permissions handling

Fri, 11 Feb 2011 12:32:20 -0800 

     [ 
https://issues.apache.org/jira/browse/MAPREDUCE-2178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Todd Lipcon updated MAPREDUCE-2178:
-----------------------------------

    Attachment: 0003-Amend-MAPREDUCE-2178.-Check-result-of-chdir.patch
                0002-Amend-MAPREDUCE-2178.-Check-argc-after-checks-for-pe.patch
                0001-Amend-MAPREDUCE-2178.-Fix-racy-check-for-config-file.patch

Attaching three suggested fixes against the task-controller code in 0.20.100 
branch:

- patch 0001 fixes a race condition whereby the permissions checks on 
taskcontroller.cfg can be evaded (classic stat/open race, fixed using fstat 
instead)
- patch 0002 moves the check for number of arguments to after the permissions 
checks, so a user can just run "task-controller" to figure out if his 
permissions are correct. This also fixes the exception message during LTC setup 
on the TT if it's misconfigured
- patch 0003 fixes a build failure when compiling with -Werror - the return 
value of chdir wasn't checked. (apparently older gcc didn't have this warning)

> Race condition in LinuxTaskController permissions handling
> ----------------------------------------------------------
>
>                 Key: MAPREDUCE-2178
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2178
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: security, task-controller
>    Affects Versions: 0.22.0
>            Reporter: Todd Lipcon
>            Priority: Blocker
>             Fix For: 0.22.0
>
>         Attachments: 
> 0001-Amend-MAPREDUCE-2178.-Fix-racy-check-for-config-file.patch, 
> 0002-Amend-MAPREDUCE-2178.-Check-argc-after-checks-for-pe.patch, 
> 0003-Amend-MAPREDUCE-2178.-Check-result-of-chdir.patch, 
> mr-2178-y20-sortof.patch
>
>
> The linux-task-controller executable currently traverses a directory 
> heirarchy and calls chown/chmod on the files inside. There is a race 
> condition here which can be exploited by an attacker, causing the 
> task-controller to improprly chown an arbitrary target file (via a symlink) 
> to the user running a MR job. This can be exploited to escalate to root.
> [this issue was raised and discussed on the security@ list over the last 
> couple of months]

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to