[
https://issues.apache.org/jira/browse/MAPREDUCE-2371?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Todd Lipcon updated MAPREDUCE-2371:
-----------------------------------
Attachment: mapreduce-2371-on-0.20.txt
Here's a prelim patch for this (not cluster tested yet). It applies against an
0.20 security branch, since MAPREDUCE-2178 isn't available for trunk yet.
> TaskLogsTruncater does not need to check log ownership when running as Child
> ----------------------------------------------------------------------------
>
> Key: MAPREDUCE-2371
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2371
> Project: Hadoop Map/Reduce
> Issue Type: Improvement
> Affects Versions: 0.23.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Fix For: 0.23.0
>
> Attachments: mapreduce-2371-on-0.20.txt
>
>
> Before MAPREDUCE-2178, it used to be that the TaskLogsTruncater had to use
> the SecureIO API to open the task logs before truncation, to avoid an attack
> where the user would symlink in something that the TT had access to but not
> the user. After MAPREDUCE-2178, this truncation is done as the user rather
> than as the TT, so we don't need to perform this check.
> Not performing the check avoids a fork() call which we've found to be
> troublesome since it doubles vmem consumption and thus requires that users
> bump mapred.child.ulimit to >2x the expected child heap size.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
