Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-47 [Umbrella] Security issues in YARN
  3. YARN-617

In unsercure mode, AM can fake resource requirements

VotersStop watchingWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • None
    • 2.1.0-beta
    • None
    • None
    • Reviewed

    Description

      Without security, it is impossible to completely avoid AMs faking resources. We can at the least make it as difficult as possible by using the same container tokens and the RM-NM shared key mechanism over unauthenticated RM-NM channel.

      In the minimum, this will avoid accidental bugs in AMs in unsecure mode.

      Attachments

        1. YARN-617-20130516.branch-2.patch
          151 kB
          Omkar Vinit Joshi
        2. YARN-617-20130516.trunk.patch
          151 kB
          Omkar Vinit Joshi
        3. YARN-617-20130515.patch
          126 kB
          Omkar Vinit Joshi
        4. YARN-617-20130513.patch
          127 kB
          Omkar Vinit Joshi
        5. YARN-617.20130508.patch
          130 kB
          Omkar Vinit Joshi
        6. YARN-617-20130507.patch
          53 kB
          Omkar Vinit Joshi
        7. YARN-617.20130502.patch
          37 kB
          Omkar Vinit Joshi
        8. YARN-617.20130501.1.patch
          16 kB
          Omkar Vinit Joshi
        9. YARN-617.20130501.patch
          15 kB
          Omkar Vinit Joshi

        Issue Links

        blocks

        Sub-task - The sub-task of the issue YARN-613 Create NM proxy per NM instead of per container

        • Major - Major loss of function.
        • Closed
        breaks

        Bug - A problem which impairs or prevents the functions of the product. MAPREDUCE-5257 TestContainerLauncherImpl fails

        • Major - Major loss of function.
        • Closed

        Bug - A problem which impairs or prevents the functions of the product. MAPREDUCE-5261 TestRMContainerAllocator is exiting and failing the build

        • Major - Major loss of function.
        • Closed
        is blocked by

        Sub-task - The sub-task of the issue YARN-582 Restore appToken and clientToken for app attempt after RM restart

        • Major - Major loss of function.
        • Closed
        is related to

        Bug - A problem which impairs or prevents the functions of the product. YARN-713 ResourceManager can exit unexpectedly if DNS is unavailable

        • Critical - Crashes, loss of data, severe memory leak.
        • Closed

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            ojoshi Omkar Vinit Joshi
            vinodkv Vinod Kumar Vavilapalli
            Votes:
            0 Vote for this issue
            Watchers:
            7 Stop watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment