[MAPREDUCE-1994] Linux task-controller determines its own path insecurely - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.22.0
Fix Version/s: None
Component/s: security, task-controller
Labels:
None

Description

The task-controller uses argv[0] to determine its own path, and then calls stat() on that. Instead it should stat("/proc/self/exe") directly. This is important since argv[0] can be spoofed to point to another program and thus either fool the autodetection of HADOOP_HOME or evade various permissions checks.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

mapreduce-1994-prelim.txt
07/Aug/10 00:03
6 kB
Todd Lipcon

Activity

People

Assignee:: Todd Lipcon

Reporter:: Todd Lipcon

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 04/Aug/10 22:40

Updated:: 30/Jul/14 23:21

Resolved:: 30/Jul/14 23:21