Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-6898

FileSystem.copyToLocal creates files with 777 permissions

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.22.0
    • Component/s: fs, security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      FileSystem.copyToLocal ends up calling through to FileUtil.copy, which calls create() on the target file system without passing any permission object. Therefore, the file ends up getting created locally with 777 permissions, which is dangerous – even if the caller then fixes up permissions afterwards, it exposes a window in which an attacker can open the file.

        Attachments

          Activity

            People

            • Assignee:
              atm Aaron T. Myers
              Reporter:
              tlipcon Todd Lipcon
            • Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: