Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-6898

FileSystem.copyToLocal creates files with 777 permissions

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Blocker
    • Resolution: Fixed
    • None
    • 0.22.0
    • fs, security
    • None
    • Reviewed

    Description

      FileSystem.copyToLocal ends up calling through to FileUtil.copy, which calls create() on the target file system without passing any permission object. Therefore, the file ends up getting created locally with 777 permissions, which is dangerous – even if the caller then fixes up permissions afterwards, it exposes a window in which an attacker can open the file.

      Attachments

        1. hadoop-6898.0.txt
          2 kB
          Aaron Myers

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            atm Aaron Myers
            tlipcon Todd Lipcon
            Votes:
            0 Vote for this issue
            Watchers:
            11 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment