Race condition in LinuxTaskController permissions handling
----------------------------------------------------------
Key: MAPREDUCE-2178
URL: https://issues.apache.org/jira/browse/MAPREDUCE-2178
Project: Hadoop Map/Reduce
Issue Type: Bug
Components: security, task-controller
Affects Versions: 0.22.0
Reporter: Todd Lipcon
Priority: Blocker
The linux-task-controller executable currently traverses a directory heirarchy
and calls chown/chmod on the files inside. There is a race condition here which
can be exploited by an attacker, causing the task-controller to improprly chown
an arbitrary target file (via a symlink) to the user running a MR job. This can
be exploited to escalate to root.
[this issue was raised and discussed on the security@ list over the last couple
of months]
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
