[MAPREDUCE-2096] Secure local filesystem IO from symlink vulnerabilities - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 0.22.0
Fix Version/s: 0.22.0
Component/s: jobtracker, security, tasktracker
Labels:
None

Hadoop Flags:

Reviewed
Release Note:
The TaskTracker now uses the libhadoop JNI library to operate securely on local files when security is enabled. Secure clusters must ensure that libhadoop.so is available to the TaskTracker.

Description

This JIRA is to contribute a patch developed on the private security@ mailing list.

The vulnerability is that MR daemons occasionally open files that are located in a path where the user has write access. A malicious user may place a symlink in place of the expected file in order to cause the daemon to instead read another file on the system – one which the attacker may not naturally be able to access. This includes delegation tokens belong to other users, log files, keytabs, etc.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

mapreduce-2096.2.txt
29/Dec/10 22:53
24 kB
Todd Lipcon
mapreduce-2096.txt
06/Dec/10 19:32
24 kB
Todd Lipcon
mapreduce-2096-index-oob.txt
08/Oct/10 19:42
0.5 kB
Todd Lipcon
secure-files-authorized-jvm-fix.txt
04/Oct/10 05:55
2 kB
Todd Lipcon
secure-files-9.txt
28/Sep/10 20:14
1.81 MB
Todd Lipcon

Issue Links

is blocked by

HADOOP-6978 Add JNI support for secure IO operations

Closed

Activity

People

Assignee:: Todd Lipcon

Reporter:: Todd Lipcon

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: 28/Sep/10 19:46

Updated:: 12/Dec/11 06:18

Resolved:: 06/Jan/11 18:42