[jira] [Updated] (YARN-5836) NMToken passwd not checked in ContainerManagerImpl, malicious AM can fake the Token and kill containers of other apps at will

2016-11-15 Thread Botong Huang (JIRA)
[ https://issues.apache.org/jira/browse/YARN-5836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Botong Huang updated YARN-5836: --- Description: When AM calls NM via {{ContainerManagementProtocol}}, the NMToken is suppied for authenti

[jira] [Updated] (YARN-5836) NMToken passwd not checked in ContainerManagerImpl, malicious AM can fake the Token and kill containers of other apps at will

2016-11-04 Thread Botong Huang (JIRA)
[ https://issues.apache.org/jira/browse/YARN-5836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Botong Huang updated YARN-5836: --- Description: When AM calls NM via stopContainers() in ContainerManagementProtocol, the NMToken (genera

[jira] [Updated] (YARN-5836) NMToken passwd not checked in ContainerManagerImpl, malicious AM can fake the Token and kill containers of other apps at will

2016-11-04 Thread Botong Huang (JIRA)
[ https://issues.apache.org/jira/browse/YARN-5836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Botong Huang updated YARN-5836: --- Summary: NMToken passwd not checked in ContainerManagerImpl, malicious AM can fake the Token and kill c