[jira] [Commented] (YARN-578) NodeManager should use SecureIOUtils for serving and aggregating logs

Mon, 20 May 2013 17:27:17 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13662504#comment-13662504
 ] 

Omkar Vinit Joshi commented on YARN-578:
----------------------------------------

Thanks vinod..

bq. Instead of matching messages in the exception block, why not separate the 
try {} catch {} block for the SecureIOUtils check?

No.. as both of them are throwing IOException only (with different messages.. 
should we fix the exception type for both of them??) and they will occur for 
the same SecureIOUtils.open call.

bq. The exception message is confusing. Let us say that the authenticated user 
is foo and the application-submitter is bar. The message talks about bar not 
having permissions to read the file which is totally confusing to foo. We 
should instead say something in the lines of "The log-file generated by the 
application-submitter foo has invalid permissions, so not showing etc.."

updated the message

bq. You don't need the unnecessary string concatenation: ' doesn't have 
permissions to read " + "log file :"

Yeah fixed it.

bq. LogAggregationService can ignore these permissions and upload sensitive 
files! Please fix this and write a test to verify that it doesn't happen.

Fixed. added test

bq. It seems like when logs are deleted, we are using the correct user to 
delete them. But can you write tests to validate this for two cases (1) when 
log-aggregation is enabled and (2) when it isn't.
1) added test for it.
2) is already verified.


                
> NodeManager should use SecureIOUtils for serving and aggregating logs
> ---------------------------------------------------------------------
>
>                 Key: YARN-578
>                 URL: https://issues.apache.org/jira/browse/YARN-578
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: nodemanager
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Omkar Vinit Joshi
>         Attachments: yarn-578-20130426.patch, YARN-578-20130506.patch, 
> YARN-578-20130520.patch
>
>
> Log servlets for serving logs and the ShuffleService for serving intermediate 
> outputs both should use SecureIOUtils for avoiding symlink attacks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to