[
https://issues.apache.org/jira/browse/YARN-2552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Remus Rusanu updated YARN-2552:
-------------------------------
Attachment: YARN-2552.1.patch
This patch adds ValidateLocalPath function, checks all file operations for
valid paths, and adds a
yarn.nodemanager.windows-secure-container-executor.local-dirs key in
wsce-site.xml. The SecureContainer.apt.vm is updated to describe the new config
key.
> Windows Secure Container Executor: the privileged file operations of
> hadoopwinutilsvc should be constrained to localdirs only
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: YARN-2552
> URL: https://issues.apache.org/jira/browse/YARN-2552
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: nodemanager
> Reporter: Remus Rusanu
> Assignee: Remus Rusanu
> Labels: security, windows, wsce
> Attachments: YARN-2552.1.patch
>
>
> YARN-2458 added file manipulation operations executed in an elevated context
> by hadoopwinutilsvc. W/o any constraint, the NM (or a hijacker that takes
> over the NM) can manipulate arbitrary OS files under highest possible
> privileges, an easy elevation attack vector. The service should only allow
> operations on files/directories that are under the configured NM localdirs.
> It should read this value from wsce-site.xml, as the yarn-site.xml cannot be
> trusted, being writable by Hadoop admins (YARN-2551 ensures wsce-site.xml is
> only writable by system Administrators, not Hadoop admins).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
