[YARN-5836] Malicious AM can kill containers of other apps running in any node its containers are running - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.8.0, 3.0.0-alpha2
Component/s: nodemanager
Labels:
None

Hadoop Flags:

Reviewed

Description

When AM calls NM via ContainerManagementProtocol, the NMToken is suppied for authentication. The RPC server will verify the password of NMToken (originally generated by RM) so that we know the content of NMTokenIdentifier is geniune.

Next, for stopContainers() and getContainerStatus(), method authorizeGetAndStopContainerRequest() is used to verify that the requsted containers do belong to the AM by comparing them against the AppId in NMTokenIdentifier. However, right now when the appId doesn't match, authorizeGetAndStopContainerRequest() only log a warning message and continues to kill the container... Overall a malicious AM can kill containers of other apps running in any node its containers are running.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YARN-5836.v2.patch
15/Nov/16 23:09
11 kB
Botong Huang
YARN-5836.v1.patch
15/Nov/16 20:17
10 kB
Botong Huang

Activity

People

Assignee:: Botong Huang

Reporter:: Botong Huang

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 04/Nov/16 15:48

Updated:: 17/Nov/16 00:32

Resolved:: 16/Nov/16 22:50

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified