[jira] [Commented] (HADOOP-13957) prevent bad PATHs
[ https://issues.apache.org/jira/browse/HADOOP-13957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15830376#comment-15830376 ] Andres Perez commented on HADOOP-13957: --- I guess you are right, was thinking more from a dev environment POV, but still then having the directories world writable doesn't make sense. > prevent bad PATHs > - > > Key: HADOOP-13957 > URL: https://issues.apache.org/jira/browse/HADOOP-13957 > Project: Hadoop Common > Issue Type: New Feature > Components: security >Affects Versions: 3.0.0-alpha2 >Reporter: Allen Wittenauer > > Apache Hadoop daemons should fail to start if the shell PATH contains world > writable directories or '.' (cwd). Doing so would close an attack vector on > misconfigured systems. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-13957) prevent bad PATHs
[ https://issues.apache.org/jira/browse/HADOOP-13957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15819855#comment-15819855 ] Allen Wittenauer commented on HADOOP-13957: --- Is there a use case for something writable in the path? Right now to own the box just means installing a trojan bash. > prevent bad PATHs > - > > Key: HADOOP-13957 > URL: https://issues.apache.org/jira/browse/HADOOP-13957 > Project: Hadoop Common > Issue Type: New Feature > Components: security >Affects Versions: 3.0.0-alpha2 >Reporter: Allen Wittenauer > > Apache Hadoop daemons should fail to start if the shell PATH contains world > writable directories or '.' (cwd). Doing so would close an attack vector on > misconfigured systems. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-13957) prevent bad PATHs
[ https://issues.apache.org/jira/browse/HADOOP-13957?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15819843#comment-15819843 ] Andres Perez commented on HADOOP-13957: --- Maybe this should be implemented as a configuration option that you can enable/disable this check. {{hadoop.security.check-path = true|false}} > prevent bad PATHs > - > > Key: HADOOP-13957 > URL: https://issues.apache.org/jira/browse/HADOOP-13957 > Project: Hadoop Common > Issue Type: New Feature > Components: security >Affects Versions: 3.0.0-alpha2 >Reporter: Allen Wittenauer > > Apache Hadoop daemons should fail to start if the shell PATH contains world > writable directories or '.' (cwd). Doing so would close an attack vector on > misconfigured systems. -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org