[ https://issues.apache.org/jira/browse/YARN-2552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Remus Rusanu updated YARN-2552: ------------------------------- Attachment: YARN-2552.1.patch This patch adds ValidateLocalPath function, checks all file operations for valid paths, and adds a yarn.nodemanager.windows-secure-container-executor.local-dirs key in wsce-site.xml. The SecureContainer.apt.vm is updated to describe the new config key. > Windows Secure Container Executor: the privileged file operations of > hadoopwinutilsvc should be constrained to localdirs only > ----------------------------------------------------------------------------------------------------------------------------- > > Key: YARN-2552 > URL: https://issues.apache.org/jira/browse/YARN-2552 > Project: Hadoop YARN > Issue Type: Sub-task > Components: nodemanager > Reporter: Remus Rusanu > Assignee: Remus Rusanu > Labels: security, windows, wsce > Attachments: YARN-2552.1.patch > > > YARN-2458 added file manipulation operations executed in an elevated context > by hadoopwinutilsvc. W/o any constraint, the NM (or a hijacker that takes > over the NM) can manipulate arbitrary OS files under highest possible > privileges, an easy elevation attack vector. The service should only allow > operations on files/directories that are under the configured NM localdirs. > It should read this value from wsce-site.xml, as the yarn-site.xml cannot be > trusted, being writable by Hadoop admins (YARN-2551 ensures wsce-site.xml is > only writable by system Administrators, not Hadoop admins). -- This message was sent by Atlassian JIRA (v6.3.4#6332)