[jira] [Commented] (YARN-9132) Add file permission check for auxiliary services manifest file

Eric Yang (JIRA) Tue, 18 Dec 2018 12:58:23 -0800


    [ 
https://issues.apache.org/jira/browse/YARN-9132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16724464#comment-16724464
 ]


Eric Yang commented on YARN-9132:
---------------------------------

If the parent directory of the file is writable by someone else, the file can 
be deleted.

> Add file permission check for auxiliary services manifest file
> --------------------------------------------------------------
>
>                 Key: YARN-9132
>                 URL: https://issues.apache.org/jira/browse/YARN-9132
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Eric Yang
>            Assignee: Billie Rinaldi
>            Priority: Major
>         Attachments: YARN-9132.1.patch
>
>
> The manifest file in HDFS must be owned by YARN admin or YARN service user 
> only.  This check helps to prevent loading of malware into node manager JVM.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (YARN-9132) Add file permission check for auxiliary services manifest file

Reply via email to