[YARN-6709] Root privilege escalation in experimental Docker support - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 2.8.0, 3.0.0-alpha1, 3.0.0-alpha2
Fix Version/s: 2.8.1, 3.0.0-alpha3
Component/s: nodemanager, security
Labels:
- security

Release Note:
CVE-2017-7669 / YARN's Docker support did not do enough input validation. This allowed a root level escalation from an ordinary user account.
Flags:

Important
External issue ID:
CVE-2017-7669

Description

~~YARN-3853~~ and friends do not do enough input validation. They allow a user to do escalate privileges at root trivially. See https://effectivemachines.com/2017/06/02/docker-security-in-framework-managed-multi-user-environments/ for more information.

Attachments

Activity

People

Assignee:: Varun Vasudev

Reporter:: Allen Wittenauer

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Jun/17 15:25

Updated:: 28/Aug/17 18:08

Resolved:: 13/Jun/17 15:26