[
https://issues.apache.org/jira/browse/MAPREDUCE-2178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Todd Lipcon updated MAPREDUCE-2178:
-----------------------------------
Attachment: ac-sys-largefile.patch
Another amendment: AC_SYS_LARGEFILE in configure.ac causes a build failure on
32-bit RHEL5:
[exec] /usr/include/fts.h:41:3: error: #error "<fts.h> cannot be used with
-D_FILE_OFFSET_BITS==64"
Since the task-controller doesn't need to deal with very large (>2G) files, I
don't think this flag is necessary. (it just copies job.xml, tokens, and
taskjvm.sh)
> Race condition in LinuxTaskController permissions handling
> ----------------------------------------------------------
>
> Key: MAPREDUCE-2178
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2178
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: security, task-controller
> Affects Versions: 0.22.0
> Reporter: Todd Lipcon
> Priority: Blocker
> Fix For: 0.22.0
>
> Attachments:
> 0001-Amend-MAPREDUCE-2178.-Fix-racy-check-for-config-file.patch,
> 0002-Amend-MAPREDUCE-2178.-Check-argc-after-checks-for-pe.patch,
> 0003-Amend-MAPREDUCE-2178.-Check-result-of-chdir.patch,
> ac-sys-largefile.patch, mr-2178-y20-sortof.patch
>
>
> The linux-task-controller executable currently traverses a directory
> heirarchy and calls chown/chmod on the files inside. There is a race
> condition here which can be exploited by an attacker, causing the
> task-controller to improprly chown an arbitrary target file (via a symlink)
> to the user running a MR job. This can be exploited to escalate to root.
> [this issue was raised and discussed on the security@ list over the last
> couple of months]
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
