[jira] [Commented] (YARN-5836) Malicious AM can kill containers of other apps running in any node its containers are running

[Hadoop QA (JIRA)]

    [ 
https://issues.apache.org/jira/browse/YARN-5836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15668632#comment-15668632
 ] 

Hadoop QA commented on YARN-5836:
---------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue}  0m  
0s{color} | {color:blue} Docker mode activated. {color} |
| {color:red}-1{color} | {color:red} patch {color} | {color:red}  0m  6s{color} 
| {color:red} YARN-5836 does not apply to trunk. Rebase required? Wrong Branch? 
See https://wiki.apache.org/hadoop/HowToContribute for help. {color} |
\\
\\
|| Subsystem || Report/Notes ||
| JIRA Issue | YARN-5836 |
| JIRA Patch URL | 
https://issues.apache.org/jira/secure/attachment/12839074/YARN-5836.v2.patch |
| Console output | 
https://builds.apache.org/job/PreCommit-YARN-Build/13930/console |
| Powered by | Apache Yetus 0.4.0-SNAPSHOT   http://yetus.apache.org |


This message was automatically generated.



> Malicious AM can kill containers of other apps running in any node its 
> containers are running
> ---------------------------------------------------------------------------------------------
>
>                 Key: YARN-5836
>                 URL: https://issues.apache.org/jira/browse/YARN-5836
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager
>            Reporter: Botong Huang
>            Assignee: Botong Huang
>            Priority: Minor
>         Attachments: YARN-5836.v1.patch, YARN-5836.v2.patch
>
>   Original Estimate: 5h
>  Remaining Estimate: 5h
>
> When AM calls NM via {{ContainerManagementProtocol}}, the NMToken is suppied 
> for authentication. The RPC server will verify the password of NMToken 
> (originally generated by RM) so that we know the content of NMTokenIdentifier 
> is geniune. 
> Next, for {{stopContainers()}} and {{getContainerStatus()}}, method 
> {{authorizeGetAndStopContainerRequest()}} is used to verify that the requsted 
> containers do belong to the AM by comparing them against the AppId in 
> NMTokenIdentifier. However, right now when the appId doesn't match, 
> {{authorizeGetAndStopContainerRequest()}} only log a warning message and 
> continues to kill the container... Overall a malicious AM can kill containers 
> of other apps running in any node its containers are running. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org