[
https://issues.apache.org/jira/browse/YARN-5549?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15449515#comment-15449515
]
Daniel Templeton commented on YARN-5549:
----------------------------------------
I would still argue to keep the config param. There are many reasons why one
would want to enable debug logging, all of which can cause the leaking of
credentials into the logs. The point of this JIRA is to secure the application
command contents. Without the config param, we're only making it a bit more
secure, sometimes.
> AMLauncher.createAMContainerLaunchContext() should not log the command to be
> launched indiscriminately
> ------------------------------------------------------------------------------------------------------
>
> Key: YARN-5549
> URL: https://issues.apache.org/jira/browse/YARN-5549
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager
> Affects Versions: 2.7.2
> Reporter: Daniel Templeton
> Assignee: Daniel Templeton
> Priority: Critical
> Attachments: YARN-5549.001.patch, YARN-5549.002.patch,
> YARN-5549.003.patch, YARN-5549.004.patch
>
>
> The command could contain sensitive information, such as keystore passwords
> or AWS credentials or other. Instead of logging it as INFO, we should log it
> as DEBUG and include a property to disable logging it at all. Logging it to
> a different logger would also be viable and may create a smaller
> administrative footprint.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
