[ https://issues.apache.org/jira/browse/YARN-5549?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15453549#comment-15453549 ]

Karthik Kambatla commented on YARN-5549:
----------------------------------------

I hate introducing one more config, but looks like it is required here. If the 
admin turns on debug logging to debug problems, user's credentials are exposed. 
As long as we are going to drop the config along with the log line in one of 
these follow-up JIRAs, I am fine with including the config for now. However, 
for security reasons, the default should probably be OFF. It would help to 
mention the config along with REDACTED.

> AMLauncher.createAMContainerLaunchContext() should not log the command to be 
> launched indiscriminately
> ------------------------------------------------------------------------------------------------------
>
>                 Key: YARN-5549
>                 URL: https://issues.apache.org/jira/browse/YARN-5549
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager
>    Affects Versions: 2.7.2
>            Reporter: Daniel Templeton
>            Assignee: Daniel Templeton
>            Priority: Critical
>         Attachments: YARN-5549.001.patch, YARN-5549.002.patch, 
> YARN-5549.003.patch, YARN-5549.004.patch
>
>
> The command could contain sensitive information, such as keystore passwords 
> or AWS credentials or other.  Instead of logging it as INFO, we should log it 
> as DEBUG and include a property to disable logging it at all.  Logging it to 
> a different logger would also be viable and may create a smaller 
> administrative footprint.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
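
A sketch of the behaviour discussed in this thread, added here as an example and not taken from any of the YARN-5549 patches: the command is debug-only, the opt-in property defaults to OFF, and the REDACTED line names the property. The property name is hypothetical, and `java.util.logging` (FINE standing in for DEBUG) and `Properties` stand in for Hadoop's logging and configuration classes.

```java
import java.util.List;
import java.util.Properties;
import java.util.logging.ConsoleHandler;
import java.util.logging.Level;
import java.util.logging.Logger;

public class LaunchCommandLogging {
    // Hypothetical property name, used only for this sketch; not a real YARN key.
    static final String LOG_COMMAND_KEY = "example.am-launcher.log-launch-command";
    private static final Logger LOG = Logger.getLogger("AMLauncherSketch");

    /** Returns the text that may be logged for a launch command, or null for nothing. */
    static String describeCommand(List<String> command, Properties conf, boolean debugEnabled) {
        if (!debugEnabled) {
            return null; // never at INFO: the command is debug-only detail
        }
        // Default is OFF: only an explicit "true" exposes the command.
        boolean logCommand = Boolean.parseBoolean(conf.getProperty(LOG_COMMAND_KEY, "false"));
        if (logCommand) {
            return "Command to launch container: " + String.join(" ", command);
        }
        // Name the property next to the marker so an admin knows how to see the command.
        return "Command to launch container: REDACTED (set " + LOG_COMMAND_KEY
            + "=true to log it)";
    }

    public static void main(String[] args) {
        // Constructed sample command carrying a secret on its command line.
        List<String> command =
            List.of("java", "-Dkeystore.password=constructed-secret", "AppMaster");
        ConsoleHandler handler = new ConsoleHandler();
        handler.setLevel(Level.FINE);      // FINE stands in for DEBUG
        LOG.addHandler(handler);
        LOG.setUseParentHandlers(false);
        LOG.setLevel(Level.FINE);          // the admin has turned on debug logging

        Properties conf = new Properties();          // property unset: default OFF
        log(describeCommand(command, conf, LOG.isLoggable(Level.FINE)));
        conf.setProperty(LOG_COMMAND_KEY, "true");   // explicit opt-in
        log(describeCommand(command, conf, LOG.isLoggable(Level.FINE)));
        LOG.setLevel(Level.INFO);                    // debug off: nothing is logged
        log(describeCommand(command, conf, LOG.isLoggable(Level.FINE)));
    }

    private static void log(String line) {
        if (line != null) {
            LOG.fine(line);
        }
    }
}
```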
