[
https://issues.apache.org/jira/browse/YARN-5836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15668274#comment-15668274
]
Botong Huang commented on YARN-5836:
------------------------------------
[~jlowe] You are right, it turns out that the RPC server is indeed verifying
the token password when token authentication is used. Updated the description,
title and v1 patch uploaded. Thanks!
> Malicious AM can kill containers of other apps running in any node its
> containers are running
> ---------------------------------------------------------------------------------------------
>
> Key: YARN-5836
> URL: https://issues.apache.org/jira/browse/YARN-5836
> Project: Hadoop YARN
> Issue Type: Bug
> Components: nodemanager
> Reporter: Botong Huang
> Assignee: Botong Huang
> Priority: Minor
> Attachments: YARN-5836.v1.patch
>
> Original Estimate: 5h
> Remaining Estimate: 5h
>
> When AM calls NM via {{ContainerManagementProtocol}}, the NMToken is suppied
> for authentication. The RPC server will verify the password of NMToken
> (originally generated by RM) so that we know the content of NMTokenIdentifier
> is geniune.
> Next, for {{stopContainers()}} and {{getContainerStatus()}}, method
> {{authorizeGetAndStopContainerRequest()}} is used to verify that the requsted
> containers do belong to the AM by comparing them against the AppId in
> NMTokenIdentifier. However, right now when the appId doesn't match,
> {{authorizeGetAndStopContainerRequest()}} only log a warning message and
> continues to kill the container... Overall a malicious AM can kill containers
> of other apps running in any node its containers are running.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
