[jira] Commented: (MAPREDUCE-2096) Secure local filesystem IO from symlink vulnerabilities

Wed, 29 Dec 2010 19:00:15 -0800 

    [ 
https://issues.apache.org/jira/browse/MAPREDUCE-2096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12975957#action_12975957
 ] 

Todd Lipcon commented on MAPREDUCE-2096:
----------------------------------------

Results on mapreduce-2096.2.txt:

     [exec] +1 overall.  
     [exec] 
     [exec]     +1 @author.  The patch does not contain any @author tags.
     [exec] 
     [exec]     +1 tests included.  The patch appears to include 3 new or 
modified tests.
     [exec] 
     [exec]     +1 javadoc.  The javadoc tool did not generate any warning 
messages.
     [exec] 
     [exec]     +1 javac.  The applied patch does not increase the total number 
of javac compiler warnings.
     [exec] 
     [exec]     +1 findbugs.  The patch does not introduce any new Findbugs 
(version 1.3.9) warnings.
     [exec] 
     [exec]     +1 release audit.  The applied patch does not increase the 
total number of release audit warnings.
     [exec] 
     [exec]     +1 system test framework.  The patch passed system test 
framework compile.

Unit tests pass except for the known timeouts from trunk.

> Secure local filesystem IO from symlink vulnerabilities
> -------------------------------------------------------
>
>                 Key: MAPREDUCE-2096
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2096
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: jobtracker, security, tasktracker
>    Affects Versions: 0.22.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Blocker
>             Fix For: 0.22.0
>
>         Attachments: mapreduce-2096-index-oob.txt, mapreduce-2096.2.txt, 
> mapreduce-2096.txt, secure-files-9.txt, secure-files-authorized-jvm-fix.txt
>
>
> This JIRA is to contribute a patch developed on the private security@ mailing 
> list.
> The vulnerability is that MR daemons occasionally open files that are located 
> in a path where the user has write access. A malicious user may place a 
> symlink in place of the expected file in order to cause the daemon to instead 
> read another file on the system -- one which the attacker may not naturally 
> be able to access. This includes delegation tokens belong to other users, log 
> files, keytabs, etc.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to