[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ravi Gummadi updated MAPREDUCE-181: --- Attachment: 181.20.s.3.fix.patch Fixing an issue of change in config property name for earlier version of hadoop on top of 181.20.s.3.patch. Not for commit here. > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > 181-4.patch, 181-5.1.patch, 181-5.1.patch, 181-6.patch, 181-8.patch, > 181.20.s.3.fix.patch, 181.20.s.3.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, jobclient.patch, > MAPRED-181-v3.32.patch, MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Attachment: jobclient.patch Attaching a bugfix to do with using the right jobconf, in the Y20 distribution. Not for commit here. > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > 181-4.patch, 181-5.1.patch, 181-5.1.patch, 181-6.patch, 181-8.patch, > 181.20.s.3.patch, hadoop-3578-branch-20-example-2.patch, > hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch, > HADOOP-3578-v2.7.patch, jobclient.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Attachment: 181.20.s.3.patch The patch for the yahoo 0.20 branch (not to be committed) > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > 181-4.patch, 181-5.1.patch, 181-5.1.patch, 181-6.patch, 181-8.patch, > 181.20.s.3.patch, hadoop-3578-branch-20-example-2.patch, > hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch, > HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Attachment: 181-8.patch This fixes Owen's offline comments about having a finite limit on the split meta info that the JobTracker reads. The other comment was about a typo in writJobSplitMetaInfo. I also fixed the testcases. To be specific, w.r.t the earlier patch, the differences in this w.r.t the testcases are in 1) TestSubmitJob.java / TestSeveral.java / ClusterWithLinuxTaskController.java where i setup the staging area root directory with proper permissions so that job clients can create the ".staging" directories there. Other than that a javadoc warning is fixed. I ran "test-patch" locally and it passed. "ant test" is in progress. > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > 181-4.patch, 181-5.1.patch, 181-5.1.patch, 181-6.patch, 181-8.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Attachment: 181-6.patch In my local tests, i discovered that i had to do a bunch of changes to work around the extra checks that i introduced in the last patch. One of them being check for ownership of the staging dir now includes a check for the UGI of the submitting user (otherwise tests that fake UGI were failing during job submission). I also introduced a method for getting the staging area location from the JobTracker (so that the user's home dir doesn't get clobbered with files in .staging dir when tests are run). I am still testing this patch. With the server side groups patch in, i might need to do some minor changes in the testcases for them to work in the new model of job submission. But this should mostly be good overall.. Up for review. > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > 181-4.patch, 181-5.1.patch, 181-5.1.patch, 181-6.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Status: Open (was: Patch Available) > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > 181-4.patch, 181-5.1.patch, 181-5.1.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Attachment: 181-5.1.patch Sorry, the last patch had a silly bug in the new checks i introduced. > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > 181-4.patch, 181-5.1.patch, 181-5.1.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Status: Patch Available (was: Open) > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > 181-4.patch, 181-5.1.patch, 181-5.1.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Status: Open (was: Patch Available) > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > 181-4.patch, 181-5.1.patch, hadoop-3578-branch-20-example-2.patch, > hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch, > HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Attachment: 181-5.1.patch Thanks for the review, Owen. This patch addresses the concerns. I also did one more change - the JobInProgress constructor now checks whether the username in the submitted jobconf is the same as the one obtained from the UGI, and if not, fails the job submission. Ideally, we should not use conf.getUser anywhere but since it is used even in the TaskTracker code, i left it as it is but instead fail the job submission if the user string from the two sources don't match.. > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > 181-4.patch, 181-5.1.patch, hadoop-3578-branch-20-example-2.patch, > hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch, > HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Status: Patch Available (was: Open) > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > 181-4.patch, 181-5.1.patch, hadoop-3578-branch-20-example-2.patch, > hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch, > HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Status: Open (was: Patch Available) > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > 181-4.patch, 181-5.1.patch, hadoop-3578-branch-20-example-2.patch, > hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch, > HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Attachment: 181-4.patch Attaching a patch that has fixes to do with TestGridmixSubmission and TestMultipleInputs. I had forgotten to change those testcases in the earlier patches. > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > 181-4.patch, hadoop-3578-branch-20-example-2.patch, > hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch, > HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Status: Patch Available (was: Open) > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > 181-4.patch, hadoop-3578-branch-20-example-2.patch, > hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch, > HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Status: Open (was: Patch Available) > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Status: Patch Available (was: Open) > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Attachment: 181-3.patch Corrected patch. > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, 181-3.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Status: Open (was: Patch Available) My bad. My last patch had a silly change that led to the test failures. > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Attachment: 181-3.patch This patch fixes the findbugs warning and does some cleanup of the testcases. > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Status: Patch Available (was: Open) > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, 181-3.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Status: Open (was: Patch Available) > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Fix Version/s: 0.22.0 Status: Patch Available (was: Open) > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Attachment: 181-2.patch Quite close i think. > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Fix For: 0.22.0 > > Attachments: 181-1.patch, 181-2.patch, > hadoop-3578-branch-20-example-2.patch, hadoop-3578-branch-20-example.patch, > HADOOP-3578-v2.6.patch, HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, > MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Devaraj Das updated MAPREDUCE-181: -- Attachment: 181-1.patch Uploading a patch for review. The patch has most of the core functionality changes (including changes to LocalJob/Isolation runners, and mumak). I am still fixing the testcases. > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Devaraj Das > Attachments: 181-1.patch, hadoop-3578-branch-20-example-2.patch, > hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch, > HADOOP-3578-v2.7.patch, MAPRED-181-v3.32.patch, MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Vinod K V updated MAPREDUCE-181: Issue Type: Sub-task (was: Bug) Parent: MAPREDUCE-563 > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Sub-task >Reporter: Amar Kamat >Assignee: Amar Kamat > Attachments: hadoop-3578-branch-20-example-2.patch, > hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch, > HADOOP-3578-v2.7.patch, MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Amar Kamat updated MAPREDUCE-181: - Attachment: MAPRED-181-v3.8.patch Attaching a patch for review. Testing in progress. > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Bug >Reporter: Amar Kamat >Assignee: Amar Kamat > Attachments: hadoop-3578-branch-20-example-2.patch, > hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch, > HADOOP-3578-v2.7.patch, MAPRED-181-v3.8.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Updated: (MAPREDUCE-181) Secure job submission
[ https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Amar Kamat updated MAPREDUCE-181: - Summary: Secure job submission (was: mapred.system.dir should be accessible only to hadoop daemons ) > Secure job submission > -- > > Key: MAPREDUCE-181 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-181 > Project: Hadoop Map/Reduce > Issue Type: Bug >Reporter: Amar Kamat >Assignee: Amar Kamat > Attachments: hadoop-3578-branch-20-example-2.patch, > hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch, > HADOOP-3578-v2.7.patch > > > Currently the jobclient accesses the {{mapred.system.dir}} to add job > details. Hence the {{mapred.system.dir}} has the permissions of > {{rwx-wx-wx}}. This could be a security loophole where the job files might > get overwritten/tampered after the job submission. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.