[ https://issues.apache.org/jira/browse/YARN-5836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Botong Huang updated YARN-5836: ------------------------------- Attachment: (was: YARN-5836.v2.patch) > Malicious AM can kill containers of other apps running in any node its > containers are running > --------------------------------------------------------------------------------------------- > > Key: YARN-5836 > URL: https://issues.apache.org/jira/browse/YARN-5836 > Project: Hadoop YARN > Issue Type: Bug > Components: nodemanager > Reporter: Botong Huang > Assignee: Botong Huang > Priority: Minor > Attachments: YARN-5836.v1.patch > > Original Estimate: 5h > Remaining Estimate: 5h > > When AM calls NM via {{ContainerManagementProtocol}}, the NMToken is suppied > for authentication. The RPC server will verify the password of NMToken > (originally generated by RM) so that we know the content of NMTokenIdentifier > is geniune. > Next, for {{stopContainers()}} and {{getContainerStatus()}}, method > {{authorizeGetAndStopContainerRequest()}} is used to verify that the requsted > containers do belong to the AM by comparing them against the AppId in > NMTokenIdentifier. However, right now when the appId doesn't match, > {{authorizeGetAndStopContainerRequest()}} only log a warning message and > continues to kill the container... Overall a malicious AM can kill containers > of other apps running in any node its containers are running. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org