[ https://issues.apache.org/jira/browse/MAPREDUCE-2178?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13289425#comment-13289425 ]
Hudson commented on MAPREDUCE-2178: ----------------------------------- Integrated in Hadoop-Mapreduce-22-branch #104 (See [https://builds.apache.org/job/Hadoop-Mapreduce-22-branch/104/]) MAPREDUCE-2178. Race condition in LinuxTaskController permissions handling. Contributed by Todd Lipcon and Benoy Antony. (Revision 1346214) Result = SUCCESS shv : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1346214 Files : * /hadoop/common/branches/branch-0.22/mapreduce/CHANGES.txt * /hadoop/common/branches/branch-0.22/mapreduce/build.xml * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/Makefile.am * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/configuration.c * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/configuration.h * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/configure.ac * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/configuration.c * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/configuration.h * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/main.c * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/task-controller.c * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/impl/task-controller.h * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/task-controller.c * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/task-controller.h * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/test * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/test/test-task-controller.c * /hadoop/common/branches/branch-0.22/mapreduce/src/c++/task-controller/tests/test-task-controller.c * 
/hadoop/common/branches/branch-0.22/mapreduce/src/contrib/streaming/src/java/org/apache/hadoop/streaming/PipeMapRed.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/Child.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/CleanupQueue.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/DefaultTaskController.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/IsolationRunner.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/JobInProgress.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/JobLocalizer.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/JvmManager.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/LinuxTaskController.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/LocalJobRunner.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/MapTask.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/MapTaskRunner.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/ReduceTask.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/ReduceTaskRunner.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/Task.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskController.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskLog.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskMemoryManagerThread.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskRunner.java * 
/hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskTracker.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/TaskUmbilicalProtocol.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapred/UserLogCleaner.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/JobContext.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/JobSubmissionFiles.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/filecache/DistributedCache.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/filecache/TaskDistributedCacheManager.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/filecache/TrackerDistributedCacheManager.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/lib/chain/ChainMapContextImpl.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/lib/chain/ChainReduceContextImpl.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/lib/map/WrappedMapper.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/lib/reduce/WrappedReducer.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/security/TokenCache.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/server/tasktracker/Localizer.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/task/JobContextImpl.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/util/MRAsyncDiskService.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/util/ProcessTree.java * 
/hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/mapreduce/util/ProcfsBasedProcessTree.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/util/ProcessTree.java * /hadoop/common/branches/branch-0.22/mapreduce/src/java/org/apache/hadoop/util/ProcfsBasedProcessTree.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/ClusterWithLinuxTaskController.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestDebugScript.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestJobExecutionAsDifferentUser.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestJobKillAndFail.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestJobRetire.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestJvmManager.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestKillSubProcesses.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestLinuxTaskController.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestMapRed.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestMiniMRWithDFS.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestSequenceFileInputFormat.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestTaskCommit.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestTaskTrackerLocalization.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestTaskTrackerMemoryManager.java * 
/hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestTrackerDistributedCacheManagerWithLinuxTaskController.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/TestUserLogCleanup.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapred/UtilsForTests.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapreduce/filecache/TestTrackerDistributedCacheManager.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/org/apache/hadoop/mapreduce/util/TestProcfsBasedProcessTree.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/mapred/testshell/ExternalMapReduce.java * /hadoop/common/branches/branch-0.22/mapreduce/src/test/unit/org/apache/hadoop/mapred/TestTaskTrackerDirectories.java
> Race condition in LinuxTaskController permissions handling
> ----------------------------------------------------------
>
> Key: MAPREDUCE-2178
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2178
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: security, task-controller
> Affects Versions: 0.22.0
> Reporter: Todd Lipcon
> Assignee: Benoy Antony
> Fix For: 0.22.1
>
> Attachments:
> 0001-Amend-MAPREDUCE-2178.-Fix-racy-check-for-config-file.patch,
> 0002-Amend-MAPREDUCE-2178.-Check-argc-after-checks-for-pe.patch,
> 0003-Amend-MAPREDUCE-2178.-Check-result-of-chdir.patch,
> ac-sys-largefile.patch, mapreduce-2178-test-compile-fix.txt,
> mr-2178-0.22.txt, mr-2178-022.patch, mr-2178-022.patch, mr-2178-022.patch,
> mr-2178-error-on-launch-fail.txt, mr-2178-y20-sortof.patch, mr-2178.patch,
> racy-config-check-test-changes.txt
>
>
> The linux-task-controller executable currently traverses a directory
> hierarchy and calls chown/chmod on the files inside.
There is a race
> condition here which can be exploited by an attacker, causing the
> task-controller to improperly chown an arbitrary target file (via a symlink)
> to the user running an MR job. This can be exploited to escalate to root.
> [this issue was raised and discussed on the security@ list over the last
> couple of months]

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira