Hadoop Common
  1. Hadoop Common
  2. HADOOP-6898

FileSystem.copyToLocal creates files with 777 permissions

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.22.0
    • Component/s: fs, security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      FileSystem.copyToLocal ends up calling through to FileUtil.copy, which calls create() on the target file system without passing any permission object. Therefore, the file ends up getting created locally with 777 permissions, which is dangerous – even if the caller then fixes up permissions afterwards, it exposes a window in which an attacker can open the file.

      1. hadoop-6898.0.txt
        2 kB
        Aaron T. Myers

        Activity

          People

          • Assignee:
            Aaron T. Myers
            Reporter:
            Todd Lipcon
          • Votes:
            0 Vote for this issue
            Watchers:
            11 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development