Hadoop Common / HADOOP-6898

FileSystem.copyToLocal creates files with 777 permissions

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.22.0
    • Component/s: fs, security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      FileSystem.copyToLocal ends up calling through to FileUtil.copy, which calls create() on the target file system without passing any permission object. Therefore, the file ends up getting created locally with 777 permissions, which is dangerous – even if the caller then fixes up permissions afterwards, it exposes a window in which an attacker can open the file.

      1. hadoop-6898.0.txt
        2 kB
        Aaron T. Myers

        Activity

        Todd Lipcon created issue -
        Ranjit Mathew added a comment -

        Is there no umask set for the corresponding user?

        (Even if the default permissions are 777, the umask setting should have stripped some of them out upon file-creation.)

        Todd Lipcon added a comment -

        The umask is set, but create() actually specifically chmods the file to 777 after it's created.
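
The window described in the report, and the reason the umask does not close it, can be reproduced with plain `java.nio` on a POSIX file system. This is an added example, not code from the Hadoop patch or from any commenter; the class name `CreateModeDemo`, the file names and the use of `java.nio.file` instead of Hadoop's `FileSystem` API are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.Set;

// Added illustration (plain java.nio, not Hadoop code). Requires a POSIX file system.
public class CreateModeDemo {
    static String mode(Path p) throws IOException {
        return PosixFilePermissions.toString(Files.getPosixFilePermissions(p));
    }

    // Pattern described in the issue: create the file, then explicitly chmod it to 777.
    // An explicit chmod is not filtered by the umask, so the file is world-writable
    // until the caller tightens it again.
    static String createThenChmod(Path p) throws IOException {
        Files.createFile(p); // default mode, masked by the process umask
        Files.setPosixFilePermissions(p, PosixFilePermissions.fromString("rwxrwxrwx"));
        String exposed = mode(p); // mode other local users see during the window
        Files.setPosixFilePermissions(p, PosixFilePermissions.fromString("rw-------"));
        return exposed;
    }

    // Safer pattern: hand the restrictive mode to the creating call itself, so the
    // file never exists with broader permissions than intended.
    static String createRestricted(Path p) throws IOException {
        FileAttribute<Set<PosixFilePermission>> attr =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        Files.createFile(p, attr);
        return mode(p);
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("hadoop6898-demo"); // constructed sandbox
        System.out.println("create + chmod 777, mode during window: "
            + createThenChmod(dir.resolve("a.dat")));
        System.out.println("mode passed at creation:                "
            + createRestricted(dir.resolve("b.dat")));
    }
}
```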

        Vivek Mishra added a comment -

        Solution to this issue is to use:

        FsPermission.getUMask(this.getConf()) != null ? FsPermission.getUMask(this.getConf()) : FsPermission.getDefault().

        Please suggest.

        Nigel Daley added a comment -

        Marking it as a blocker for now. Not, however, a regression.

        Nigel Daley made changes -
        Field: Original Value → New Value
        Priority: Critical [ 2 ] → Blocker [ 1 ]
        Todd Lipcon made changes -
        Assignee: (none) → Aaron T. Myers [ atm ]
        Nigel Daley added a comment -

        Aaron, any update on this for 0.22?

        Aaron T. Myers added a comment -

        Sorry for the delay, Nigel. Patch attached.

        Aaron T. Myers made changes -
        Attachment: (none) → hadoop-6898.0.txt [ 12475985 ]
        Aaron T. Myers made changes -
        Status: Open [ 1 ] → Patch Available [ 10002 ]
        Hadoop QA added a comment -

        +1 overall. Here are the results of testing the latest attachment
        http://issues.apache.org/jira/secure/attachment/12475985/hadoop-6898.0.txt
        against trunk revision 1090485.

        +1 @author. The patch does not contain any @author tags.

        +1 tests included. The patch appears to include 3 new or modified tests.

        +1 javadoc. The javadoc tool did not generate any warning messages.

        +1 javac. The applied patch does not increase the total number of javac compiler warnings.

        +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

        +1 release audit. The applied patch does not increase the total number of release audit warnings.

        +1 core tests. The patch passed core unit tests.

        +1 contrib tests. The patch passed contrib unit tests.

        +1 system test framework. The patch passed system test framework compile.

        Test results: https://hudson.apache.org/hudson/job/PreCommit-HADOOP-Build/340//testReport/
        Findbugs warnings: https://hudson.apache.org/hudson/job/PreCommit-HADOOP-Build/340//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
        Console output: https://hudson.apache.org/hudson/job/PreCommit-HADOOP-Build/340//console

        This message is automatically generated.

        Tom White added a comment -

        +1

        Tom White added a comment -

        I've just committed this. Thanks Aaron!

        Tom White made changes -
        Status: Patch Available [ 10002 ] → Resolved [ 5 ]
        Hadoop Flags: (none) → [Reviewed]
        Resolution: (none) → Fixed [ 1 ]
        Hudson added a comment -

        Integrated in Hadoop-Common-trunk-Commit #547 (See https://hudson.apache.org/hudson/job/Hadoop-Common-trunk-Commit/547/)
        HADOOP-6898. FileSystem.copyToLocal creates files with 777 permissions. Contributed by Aaron T. Myers.

        Hudson added a comment -

        Integrated in Hadoop-Common-22-branch #39 (See https://hudson.apache.org/hudson/job/Hadoop-Common-22-branch/39/)
        Merge -r 1091587:1091588 from trunk to branch-0.22. Fixes: HADOOP-6898

        Hudson added a comment -

        Integrated in Hadoop-Common-trunk #660 (See https://hudson.apache.org/hudson/job/Hadoop-Common-trunk/660/)
        HADOOP-6898. FileSystem.copyToLocal creates files with 777 permissions. Contributed by Aaron T. Myers.

        Konstantin Shvachko made changes -
        Status: Resolved [ 5 ] → Closed [ 6 ]

        Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date
        Open → Patch Available | 250d 7h 22m | 1 | Aaron T. Myers | 11/Apr/11 08:14
        Patch Available → Resolved | 1d 14h 20m | 1 | Tom White | 12/Apr/11 22:35
        Resolved → Closed | 243d 7h 44m | 1 | Konstantin Shvachko | 12/Dec/11 06:19

          People

          • Assignee: Aaron T. Myers
          • Reporter: Todd Lipcon
          • Votes: 0
          • Watchers: 11
