john lilley created YARN-10007:
----------------------------------
Summary: YARN logs contain environment variables, which is a
security risk
Key: YARN-10007
URL: https://issues.apache.org/jira/browse/YARN-10007
Project: Hadoop YARN
Issue Type: Bug
Components: yarn
Reporter: john lilley
In most environments it is standard practice to relay "secrets" via environment
variables when spawning a process, because the alternatives (command-line args
or storing in a file) are insecure. However, in a YARN application, this also
appears to be insecure because the environment is logged. While YARN has the
ability to relay delegation tokens in the launch context, it is unclear how to
use this facility for generalized "secrets" that may not conform to
security-token structure.
For example, the RPDM_KEYSTORE_PASSWORDS env var is found in the aggregated
YARN logs:
{{Container: container_e06_1574362398372_0023_01_000001 on
node6.xxxxxxxx.com_45454}}
{{LogAggregationType: AGGREGATED}}
{{============================================================================================}}
{{LogType:launch_container.sh}}
{{LogLastModifiedTime:Sat Nov 23 14:58:12 -0700 2019}}
{{LogLength:4043}}
{{LogContents:}}
{{#!/bin/bash}}{{set -o pipefail -e}}
{{[...]export
HADOOP_YARN_HOME=${HADOOP_YARN_HOME:-"/usr/hdp/2.6.5.1175-1/hadoop-yarn"}}}
{{export
RPDM_KEYSTORE_PASSWORDS="eyJnZW5lcmFsIjoiZmtQZllubmVLRVo4c1Z0V0REQ3gxaHJzRnVjdVN5b1NBTE9OUTF1dEZpZ1x1MDAzZCJ9"}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
