Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-47 [Umbrella] Security issues in YARN
  3. YARN-51

[MR-279] [Security] AM should not be able to abuse container tokens for repetitive container launches

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Blocker
    • Resolution: Duplicate
    • None
    • None
    • nodemanager
    • None

    Description

      ApplicationMaster should not be able to store container tokens and use the same set of tokens for repetitive container launches. The possibility of such abuse is there in the current code, we need to fix this.

      A cache of recent containers on the NM along with container token expiry time should solve this.

      Attachments

        Issue Links

          is duplicated by

          Sub-task - The sub-task of the issue MAPREDUCE-3256 Authorization checks needed for AM->NM protocol

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Sub-task - The sub-task of the issue YARN-62 AM should not be able to abuse container tokens for repetitive container launches

          • Major - Major loss of function.
          • Closed

          Activity

            People

              vinodkv Vinod Kumar Vavilapalli
              vinodkv Vinod Kumar Vavilapalli
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: