[
https://issues.apache.org/jira/browse/YARN-10439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17286272#comment-17286272
]
Brahma Reddy Battula commented on YARN-10439:
---------------------------------------------
[~dmmkr] Thanks for reporting. Yes, it's a security issue as this will open.
Changes LGTM. Hold to commit till this weekend.
> Yarn Service AM listens on all IP's on the machine
> --------------------------------------------------
>
> Key: YARN-10439
> URL: https://issues.apache.org/jira/browse/YARN-10439
> Project: Hadoop YARN
> Issue Type: Bug
> Components: security, yarn-native-services
> Reporter: D M Murali Krishna Reddy
> Assignee: D M Murali Krishna Reddy
> Priority: Minor
> Attachments: YARN-10439.001.patch, YARN-10439.002.patch
>
>
> In ClientAMService.java, the RPC server is created without passing a hostname, due
> to which the client listens on 0.0.0.0, which is a bad practice.
>
> {{InetSocketAddress address = new InetSocketAddress(0);}}
> {{server = rpc.getServer(ClientAMProtocol.class, this, address, conf,
> context.secretManager, 1);}}
>
> Also, a new configuration must be added similar to
> "yarn.app.mapreduce.am.job.client.port-range", so that the client can configure
> a port range for the YARN service AM to bind.
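Added example, not part of the original message and not code from the Hadoop patch: a java.net-only sketch contrasting the wildcard bind produced by new InetSocketAddress(0) with a bind to one address and a port taken from a configured range. The class name, the bindInRange helper, the loopback host and the "50100-50110" range are all assumptions made for illustration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;

// Added illustration using only java.net; names and values are hypothetical.
public class BindAddressDemo {

    // Bind to the first free port in "low-high" on one specific host.
    // The range string format is an assumption modelled on a port-range setting.
    static ServerSocket bindInRange(InetAddress host, String range) throws IOException {
        String[] parts = range.trim().split("-");
        int low = Integer.parseInt(parts[0].trim());
        int high = Integer.parseInt(parts[1].trim());
        if (low < 1 || high > 65535 || low > high) {
            throw new IllegalArgumentException("invalid port range: " + range);
        }
        for (int port = low; port <= high; port++) {
            ServerSocket s = new ServerSocket();
            try {
                s.bind(new InetSocketAddress(host, port));
                return s; // listening on exactly one address and an in-range port
            } catch (IOException bindFailed) {
                s.close(); // port unavailable, try the next one in the range
            }
        }
        throw new IOException("no free port in " + range + " on " + host);
    }

    public static void main(String[] args) throws IOException {
        // Pattern from the report: no hostname given, so the wildcard address
        // is used and the socket accepts connections on every interface.
        InetSocketAddress wildcard = new InetSocketAddress(0);
        try (ServerSocket open = new ServerSocket()) {
            open.bind(wildcard);
            System.out.println("wildcard bind:   " + open.getLocalSocketAddress()
                + " anyLocal=" + open.getInetAddress().isAnyLocalAddress());
        }

        // Restricted: a single address and a bounded port range (constructed values).
        InetAddress host = InetAddress.getLoopbackAddress();
        try (ServerSocket restricted = bindInRange(host, "50100-50110")) {
            System.out.println("restricted bind: " + restricted.getLocalSocketAddress()
                + " anyLocal=" + restricted.getInetAddress().isAnyLocalAddress());
        }
    }
}
```

A bounded port range also lets firewall rules for the service be written against a known set of ports instead of the whole ephemeral range.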