Github user revans2 commented on the issue:
https://github.com/apache/storm/pull/2721
So you are running with authentication, but run as user is disabled,
because you are running on windows. That is a use case that I missed, sorry
about that.
This is not a security issue as we kill the process as the user that owns
the container. When run as user is enabled we do it as the user that launched
the process, when it is disabled we do it as the supervisor user. This means
the OS will prevent us from killing a process we shouldn't, even if a worker
self reports a process that it should not.
The entire reason I put the user check in was to avoid a problem with PID
reuse. OSes typically rotate through PIDs in a way to avoid situations where a
process dies and its PID is quickly handed to another process, but with how
storm self reports PIDs through the file system... I just wanted to be cautious.
Removing the user check entirely should be fine, the issue you might run
into is that if a PID is reused too quickly by a different user you might be
stuck trying to kill is process that you are not allowed to and end up stuck
waiting for it to die forever. The simple fix for me would be to have the
Container pass in `System.getProperty("user.name")` for the user name, with a
comment about why, and have RunAsUserContainer pass the real user in.
---
