Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-2198 Remove the need to run NodeManager as privileged account for Windows Secure Container Executor
  3. YARN-2552

Windows Secure Container Executor: the privileged file operations of hadoopwinutilsvc should be constrained to localdirs only

Log workAgile BoardRank to TopRank to BottomAttach filesAttach ScreenshotVotersWatch issueWatchersConvert to IssueMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Implemented
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: nodemanager

      Description

      YARN-2458 added file manipulation operations executed in an elevated context by hadoopwinutilsvc. W/o any constraint, the NM (or a hijacker that takes over the NM) can manipulate arbitrary OS files under highest possible privileges, an easy elevation attack vector. The service should only allow operations on files/directories that are under the configured NM localdirs. It should read this value from wsce-site.xml, as the yarn-site.xml cannot be trusted, being writable by Hadoop admins (YARN-2551 ensures wsce-site.xml is only writable by system Administrators, not Hadoop admins).

        Attachments

          Activity

          $i18n.getText('security.level.explanation', $currentSelection) Viewable by All Users
          Cancel

            People

            • Assignee:
              rusanu Remus Rusanu Assign to me
              Reporter:
              rusanu Remus Rusanu

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment