[https://issues.apache.org/jira/browse/MAPREDUCE-2178?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13289425#comment-13289425]
Hudson commented on MAPREDUCE-2178:
-----------------------------------
Integrated in Hadoop-Mapreduce-22-branch #104 (See
[https://builds.apache.org/job/Hadoop-Mapreduce-22-branch/104/])
MAPREDUCE-2178. Race condition in LinuxTaskController permissions handling.
Contributed by Todd Lipcon and Benoy Antony. (Revision 1346214)
Result = SUCCESS
shv : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1346214
Files :
* /hadoop/common/branches/branch-0.22/mapreduce/CHANGES.txt
* /hadoop/common/branches/branch-0.22/mapreduce/build.xml
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/Makefile.am
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/configuration.c
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/configuration.h
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/configure.ac
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/configuration.c
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/configuration.h
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/main.c
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/task-controller.c
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/task-controller.h
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/task-controller.c
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/task-controller.h
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/test
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/test/test-task-controller.c
* /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/tests/test-task-controller.c
* /hadoop/common/branches/branch-0.22/mapreduce/src/contrib/streaming/src/java/org/apache/hadoop/streaming/PipeMapRed.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/Child.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/CleanupQueue.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/DefaultTaskController.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/IsolationRunner.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/JobInProgress.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/JobLocalizer.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/JvmManager.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/LinuxTaskController.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/LocalJobRunner.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/MapTask.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/MapTaskRunner.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/ReduceTask.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/ReduceTaskRunner.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/Task.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskController.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskLog.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskMemoryManagerThread.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskRunner.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskTracker.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskUmbilicalProtocol.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/UserLogCleaner.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/JobContext.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/JobSubmissionFiles.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/filecache/DistributedCache.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/filecache/TaskDistributedCacheManager.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/filecache/TrackerDistributedCacheManager.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/lib/chain/ChainMapContextImpl.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/lib/chain/ChainReduceContextImpl.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/lib/map/WrappedMapper.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/lib/reduce/WrappedReducer.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/security/TokenCache.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/server/tasktracker/Localizer.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/task/JobContextImpl.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/util/MRAsyncDiskService.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/util/ProcessTree.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/util/ProcfsBasedProcessTree.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/util/ProcessTree.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/util/ProcfsBasedProcessTree.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/ClusterWithLinuxTaskController.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestDebugScript.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestJobExecutionAsDifferentUser.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestJobKillAndFail.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestJobRetire.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestJvmManager.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestKillSubProcesses.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestLinuxTaskController.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestMapRed.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestMiniMRWithDFS.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestSequenceFileInputFormat.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestTaskCommit.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestTaskTrackerLocalization.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestTaskTrackerMemoryManager.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestTrackerDistributedCacheManagerWithLinuxTaskController.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestUserLogCleanup.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/UtilsForTests.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapreduce/filecache/TestTrackerDistributedCacheManager.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapreduce/util/TestProcfsBasedProcessTree.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/testshell/ExternalMapReduce.java
* /hadoop/common/branches/branch-0.22/mapreduce/src/test/unit/org/apache/hadoop/mapred/TestTaskTrackerDirectories.java
> Race condition in LinuxTaskController permissions handling
> ----------------------------------------------------------
>
> Key: MAPREDUCE-2178
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2178
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: security, task-controller
> Affects Versions: 0.22.0
> Reporter: Todd Lipcon
> Assignee: Benoy Antony
> Fix For: 0.22.1
>
> Attachments:
> 0001-Amend-MAPREDUCE-2178.-Fix-racy-check-for-config-file.patch,
> 0002-Amend-MAPREDUCE-2178.-Check-argc-after-checks-for-pe.patch,
> 0003-Amend-MAPREDUCE-2178.-Check-result-of-chdir.patch,
> ac-sys-largefile.patch, mapreduce-2178-test-compile-fix.txt,
> mr-2178-0.22.txt, mr-2178-022.patch, mr-2178-022.patch, mr-2178-022.patch,
> mr-2178-error-on-launch-fail.txt, mr-2178-y20-sortof.patch, mr-2178.patch,
> racy-config-check-test-changes.txt
>
>
> The linux-task-controller executable currently traverses a directory
> hierarchy and calls chown/chmod on the files inside. There is a race
> condition here which can be exploited by an attacker, causing the
> task-controller to improperly chown an arbitrary target file (via a symlink)
> to the user running an MR job. This can be exploited to escalate to root.
> [This issue was raised and discussed on the security@ list over the last
> couple of months.]