  1. Hadoop Map/Reduce
  2. MAPREDUCE-2178

Race condition in LinuxTaskController permissions handling

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.22.0
    • Fix Version/s: 0.22.1
    • Component/s: security, task-controller
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      The linux-task-controller executable currently traverses a directory hierarchy and calls chown/chmod on the files inside. There is a race condition here which can be exploited by an attacker, causing the task-controller to improperly chown an arbitrary target file (via a symlink) to the user running a MR job. This can be exploited to escalate to root.

      [this issue was raised and discussed on the security@ list over the last couple of months]
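
A privileged tool that walks a tree and calls chown/chmod by path name re-resolves the path on every call, so an entry can be replaced by a symlink between calls. The following C example is added here as an illustration of the file-descriptor-based alternative; it is not the MAPREDUCE-2178 patch or any Hadoop code, and `secure_chown_tree` is a hypothetical name.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not Hadoop code: chown/chmod the tree at parent_fd/name
 * without ever following a symlink. Returns entries changed, or -1 on error. */
int secure_chown_tree(int parent_fd, const char *name, uid_t uid, gid_t gid, mode_t mode)
{
    /* O_NOFOLLOW: if name is, or was just swapped for, a symlink, the open
     * fails with ELOOP instead of resolving the link. */
    int fd = openat(parent_fd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return (errno == ELOOP || errno == ENOENT) ? 0 : -1;  /* skip links */
    struct stat st;
    /* Check and change through fd: every call acts on the inode that was
     * opened, so the path is never resolved a second time. Anything that is
     * not a regular file or directory is treated as an error (fail closed). */
    if (fstat(fd, &st) != 0 || (!S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode)) ||
        fchown(fd, uid, gid) != 0 || fchmod(fd, mode) != 0) {
        close(fd);
        return -1;
    }
    if (!S_ISDIR(st.st_mode)) {
        close(fd);
        return 1;
    }
    DIR *d = fdopendir(fd);            /* d now owns fd */
    if (!d) { close(fd); return -1; }
    int changed = 1, n;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        /* Children are opened relative to the directory fd, not by path. */
        if ((n = secure_chown_tree(fd, e->d_name, uid, gid, mode)) < 0) {
            closedir(d);
            return -1;
        }
        changed += n;
    }
    closedir(d);
    return changed;
}
```

Called as `secure_chown_tree(AT_FDCWD, "some/dir", uid, gid, 0700)`, a symlink planted anywhere in the tree is skipped and its target keeps its owner and mode.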

        Attachments

        1. mr-2178-y20-sortof.patch
          505 kB
          Todd Lipcon
        2. 0001-Amend-MAPREDUCE-2178.-Fix-racy-check-for-config-file.patch
          5 kB
          Todd Lipcon
        3. 0002-Amend-MAPREDUCE-2178.-Check-argc-after-checks-for-pe.patch
          1 kB
          Todd Lipcon
        4. 0003-Amend-MAPREDUCE-2178.-Check-result-of-chdir.patch
          1 kB
          Todd Lipcon
        5. ac-sys-largefile.patch
          0.9 kB
          Todd Lipcon
        6. mr-2178-error-on-launch-fail.txt
          0.6 kB
          Todd Lipcon
        7. racy-config-check-test-changes.txt
          4 kB
          Todd Lipcon
        8. mapreduce-2178-test-compile-fix.txt
          0.7 kB
          Todd Lipcon
        9. mr-2178-0.22.txt
          522 kB
          Todd Lipcon
        10. mr-2178.patch
          502 kB
          Benoy Antony
        11. mr-2178-022.patch
          605 kB
          Benoy Antony
        12. mr-2178-022.patch
          524 kB
          Benoy Antony
        13. mr-2178-022.patch
          525 kB
          Benoy Antony

              People

              • Assignee:
                benoyantony Benoy Antony
              • Reporter:
                tlipcon Todd Lipcon
              • Votes:
                0
              • Watchers:
                22
