Affects Version/s: 0.22.0
Fix Version/s: 0.22.0
Release Note:The TaskTracker now uses the libhadoop JNI library to operate securely on local files when security is enabled. Secure clusters must ensure that libhadoop.so is available to the TaskTracker.
This JIRA is to contribute a patch developed on the private security@ mailing list.
The vulnerability is that MR daemons occasionally open files that are located in a path where the user has write access. A malicious user may place a symlink in place of the expected file in order to cause the daemon to instead read another file on the system – one which the attacker may not naturally be able to access. This includes delegation tokens belong to other users, log files, keytabs, etc.
|Status||Resolved [ 5 ]||Closed [ 6 ]|
|Status||Patch Available [ 10002 ]||Resolved [ 5 ]|
|Release Note||The TaskTracker now uses the libhadoop JNI library to operate securely on local files when security is enabled. Secure clusters must ensure that libhadoop.so is available to the TaskTracker.|
|Resolution||Fixed [ 1 ]|
|Status||Open [ 1 ]||Patch Available [ 10002 ]|
|Fix Version/s||0.22.0 [ 12314184 ]|