Hadoop Map/Reduce / MAPREDUCE-2096

Secure local filesystem IO from symlink vulnerabilities

    Details

    • Hadoop Flags:
      Reviewed
    • Release Note:
      The TaskTracker now uses the libhadoop JNI library to operate securely on local files when security is enabled. Secure clusters must ensure that libhadoop.so is available to the TaskTracker.

      Description

      This JIRA is to contribute a patch developed on the private security@ mailing list.

      The vulnerability is that MR daemons occasionally open files that are located in a path where the user has write access. A malicious user may place a symlink in place of the expected file in order to cause the daemon to instead read another file on the system – one which the attacker may not naturally be able to access. This includes delegation tokens belonging to other users, log files, keytabs, etc.
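A defensive pattern for the problem described above, as an added example that is not part of the original issue or of the Hadoop patch: a native routine that refuses a symlink at the final path component and verifies ownership on the descriptor it actually opened. The name `open_owned_nofollow`, the choice of checks, and the Linux errno behaviour (`ELOOP` for a refused symlink) are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper: open `path` read-only on behalf of a daemon that
 * expects the file to belong to `expected_owner`. Returns an fd, or -1 with
 * errno set: ELOOP (last component is a symlink), EINVAL (not a regular
 * file), EACCES (owned by a different uid).
 */
int open_owned_nofollow(const char *path, uid_t expected_owner)
{
    /* O_NOFOLLOW: fail rather than follow a symlink at the last component.
       O_NONBLOCK: do not block if a FIFO was put in the file's place. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* fstat() the descriptor, not the path: the result describes the file
       already held open, so a later swap of the path cannot change it. */
    struct stat st;
    int err = 0;
    if (fstat(fd, &st) != 0)                err = errno;
    else if (!S_ISREG(st.st_mode))          err = EINVAL;
    else if (st.st_uid != expected_owner)   err = EACCES;
    if (err) { close(fd); errno = err; return -1; }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <path>\n", argv[0]); return 2; }
    int fd = open_owned_nofollow(argv[1], geteuid());
    if (fd < 0) { perror(argv[1]); return 1; }
    printf("ok: %s is a regular file owned by uid %ld\n", argv[1], (long)geteuid());
    close(fd);
    return 0;
}
```

`O_NOFOLLOW` only covers the final path component, so symlinks in intermediate directories are still followed; the ownership check on the open descriptor is what rejects a file reached that way that belongs to someone else.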

      1. secure-files-9.txt
        1.81 MB
        Todd Lipcon
      2. secure-files-authorized-jvm-fix.txt
        2 kB
        Todd Lipcon
      3. mapreduce-2096-index-oob.txt
        0.5 kB
        Todd Lipcon
      4. mapreduce-2096.txt
        24 kB
        Todd Lipcon
      5. mapreduce-2096.2.txt
        24 kB
        Todd Lipcon

            People

            • Assignee:
              Todd Lipcon
              Reporter:
              Todd Lipcon