[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12754012#action_12754012 ]
Amar Kamat commented on MAPREDUCE-181: -------------------------------------- Had a chat with Owen and here is the job submission process with few extra addons : # jobclient requests the jobtracker for a jobid [say $jobid] # jobclient upload job.xml, job.jar, job.split, job.splitmetainfo, version, libs, archives etc to the staging area i.e ~/.staging/$jobid # jobclient now contructs a job-submission-token which contains ## job staging area location (for job start and restart) ## job-submission version (for client-master compatibility) ## some checksum info (will expand on this later) ## user-credentials (for now username) # jobclient passes job-submission-token over the rpc to jobtracker # jobtracker persists this info in mapred.system.dir # jobtracker uses the user-credentials in the job-meta-info to read the job.xml and job.splitmetainfo. # jobtracker checks for job staging checksum # when the tasktracker asks for a task, a Task is passed which contains the location of job.split along with start-offset and length. # upon restart the jobtracker reads the job-meta info and re-submits the job (where the checksum check is done again) # once the job is done, the staging area is deleted Checksum: # job.xml md5 : this prevents jobtracker/tasktrackers from using a changed jobconf across job-submission and restarts. # job-staging-area modification time : this prevents jobtracker and tasktracker for running jobs for which the staging area has changed. > Secure job submission > ---------------------- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Bug > Reporter: Amar Kamat > Assignee: Amar Kamat > Attachments: hadoop-3578-branch-20-example-2.patch, > hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch, > HADOOP-3578-v2.7.patch, MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.