[MAPREDUCE-3256] Authorization checks needed for AM->NM protocol - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 0.23.0
Fix Version/s: 0.23.0
Component/s: applicationmaster, mrv2, nodemanager, security
Labels:
None

Description

We already authenticate requests to NM from any AM. We also need to authorize the requests, otherwise a rogue AM, but with proper tokens and thus authenticated to talk to NM, could either launch or kill a container with different ContainerID. We have two options:

Remove the explicit passing of the ContainerId as part of the API and instead get it from the RPC layer. In this case, we will need a ContainerToken for each container.
Do explicit authorization checks without relying on getting ContainerID from the RPC.

One ContainerToken per container is a serious restriction. We anyways want to be able to use application-ACLS to, say, stop containers owned by others. So I am going to take the later route of explicit checks.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

MAPREDUCE-3256-20111028.1.txt
28/Oct/11 16:36
72 kB
Vinod Kumar Vavilapalli
MAPREDUCE-3256-20111028.2_same
28/Oct/11 20:38
70 kB
Arun Murthy
MAPREDUCE-3256-20111028.2.txt
28/Oct/11 19:20
70 kB
Vinod Kumar Vavilapalli
MAPREDUCE-3256-20111029.1.txt
29/Oct/11 07:38
80 kB
Vinod Kumar Vavilapalli
MAPREDUCE-3256-20111029.txt
29/Oct/11 06:59
80 kB
Vinod Kumar Vavilapalli

Issue Links

duplicates

YARN-51 [MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches

Closed

Activity

People

Assignee:: Vinod Kumar Vavilapalli

Reporter:: Vinod Kumar Vavilapalli

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 25/Oct/11 05:39

Updated:: 15/Nov/11 00:48

Resolved:: 29/Oct/11 09:37