Hadoop YARN / YARN-6709

Root privilege escalation in experimental Docker support


Details

    • CVE-2017-7669 / YARN's Docker support did not do enough input validation. This allowed a root level escalation from an ordinary user account.
    • Important
    • CVE-2017-7669

    Description

      YARN-3853 and friends do not do enough input validation. They allow a user to escalate privileges to root trivially. See https://effectivemachines.com/2017/06/02/docker-security-in-framework-managed-multi-user-environments/ for more information.


          People

            vvasudev Varun Vasudev
            aw Allen Wittenauer