Hadoop Common / HADOOP-6898

FileSystem.copyToLocal creates files with 777 permissions

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.22.0
    • Component/s: fs, security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      FileSystem.copyToLocal ends up calling through to FileUtil.copy, which calls create() on the target file system without passing any permission object. Therefore, the file ends up getting created locally with 777 permissions, which is dangerous – even if the caller then fixes up permissions afterwards, it exposes a window in which an attacker can open the file.

      1. hadoop-6898.0.txt
        2 kB
        Aaron T. Myers

        Activity

        Ranjit Mathew added a comment -

        Is there no umask set for the corresponding user?

        (Even if the default permissions are 777, the umask setting should have stripped some of them out upon file-creation.)

        Todd Lipcon added a comment -

        The umask is set, but create() actually specifically chmods the file to 777 after it's created.
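
Added example (not part of the original thread or of the HADOOP-6898 patch): a Python model, at the POSIX call level, of the behaviour described in the issue and in the comment above. It shows that an explicit chmod to 777 bypasses the umask, while passing the final mode to open() never leaves the file wider than intended. The file names and the 0600 mode are assumptions chosen for illustration.

```python
import os
import stat
import tempfile

def mode_of(path):
    """Permission bits of path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)

def create_like_the_bug(path):
    """Model of the reported behaviour: create, then explicitly chmod to 777.
    The umask only filters the mode passed to open(); it does not apply to
    a later chmod(), so the file is world-writable whatever the umask is."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
    os.close(fd)
    os.chmod(path, 0o777)
    return mode_of(path)  # what other local users see until it is fixed up

def create_restricted(path, mode=0o600):
    """Hardened pattern: give open() the final mode, so the file never exists
    with wider permissions. O_EXCL refuses a pre-existing file or symlink."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        os.write(fd, b"constructed sample payload\n")
    finally:
        os.close(fd)
    return mode_of(path)

def world_writable(directory):
    """Audit helper: names of entries in directory writable by 'other'."""
    return sorted(name for name in os.listdir(directory)
                  if mode_of(os.path.join(directory, name)) & stat.S_IWOTH)

def demo(umask=0o077):
    """Run both patterns under the given umask; return what was observed."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as d:
            buggy = create_like_the_bug(os.path.join(d, "buggy.dat"))
            safe = create_restricted(os.path.join(d, "safe.dat"))
            return buggy, safe, world_writable(d)
    finally:
        os.umask(old)

if __name__ == "__main__":
    buggy, safe, flagged = demo()
    print("create + chmod 777:", oct(buggy))
    print("open(..., 0o600):  ", oct(safe))
    print("world-writable:    ", flagged)
```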

        Vivek Mishra added a comment -

        Solution to this issue is to use:

        FsPermission.getUMask(this.getConf()) != null ? FsPermission.getUMask(this.getConf()) : FsPermission.getDefault().

        Please suggest.

        Nigel Daley added a comment -

        Marking it as a blocker for now. Not, however, a regression.

        Nigel Daley added a comment -

        Aaron, any update on this for 0.22?

        Aaron T. Myers added a comment -

        Sorry for the delay, Nigel. Patch attached.

        Hadoop QA added a comment -

        +1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12475985/hadoop-6898.0.txt
        against trunk revision 1090485.

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 3 new or modified tests.

        +1 javadoc. The javadoc tool did not generate any warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed core unit tests.

        +1 contrib tests. The patch passed contrib unit tests.

        +1 system test framework. The patch passed system test framework compile.

        Test results: https://hudson.apache.org/hudson/job/PreCommit-HADOOP-Build/340//testReport/
        Findbugs warnings: https://hudson.apache.org/hudson/job/PreCommit-HADOOP-Build/340//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
        Console output: https://hudson.apache.org/hudson/job/PreCommit-HADOOP-Build/340//console

        This message is automatically generated.

        Tom White added a comment -

        +1

        Tom White added a comment -

        I've just committed this. Thanks Aaron!

        Hudson added a comment -

        Integrated in Hadoop-Common-trunk-Commit #547 (See https://hudson.apache.org/hudson/job/Hadoop-Common-trunk-Commit/547/)
        HADOOP-6898. FileSystem.copyToLocal creates files with 777 permissions. Contributed by Aaron T. Myers.

        Hudson added a comment -

        Integrated in Hadoop-Common-22-branch #39 (See https://hudson.apache.org/hudson/job/Hadoop-Common-22-branch/39/)
        Merge -r 1091587:1091588 from trunk to branch-0.22. Fixes: HADOOP-6898

        Hudson added a comment -

        Integrated in Hadoop-Common-trunk #660 (See https://hudson.apache.org/hudson/job/Hadoop-Common-trunk/660/)
        HADOOP-6898. FileSystem.copyToLocal creates files with 777 permissions. Contributed by Aaron T. Myers.


          People

          • Assignee:
            Aaron T. Myers
            Reporter:
            Todd Lipcon
          • Votes:
            0
            Watchers:
            11
