Uploaded image for project: 'Hadoop Map/Reduce'
  1. Hadoop Map/Reduce
  2. MAPREDUCE-2178

Race condition in LinuxTaskController permissions handling

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.22.0
    • 0.22.1
    • security, task-controller
    • None
    • Reviewed

    Description

      The linux-task-controller executable currently traverses a directory heirarchy and calls chown/chmod on the files inside. There is a race condition here which can be exploited by an attacker, causing the task-controller to improprly chown an arbitrary target file (via a symlink) to the user running a MR job. This can be exploited to escalate to root.

      [this issue was raised and discussed on the security@ list over the last couple of months]

      Attachments

        1. mr-2178-y20-sortof.patch
          505 kB
          Todd Lipcon
        2. 0001-Amend-MAPREDUCE-2178.-Fix-racy-check-for-config-file.patch
          5 kB
          Todd Lipcon
        3. 0002-Amend-MAPREDUCE-2178.-Check-argc-after-checks-for-pe.patch
          1 kB
          Todd Lipcon
        4. 0003-Amend-MAPREDUCE-2178.-Check-result-of-chdir.patch
          1 kB
          Todd Lipcon
        5. ac-sys-largefile.patch
          0.9 kB
          Todd Lipcon
        6. mr-2178-error-on-launch-fail.txt
          0.6 kB
          Todd Lipcon
        7. racy-config-check-test-changes.txt
          4 kB
          Todd Lipcon
        8. mapreduce-2178-test-compile-fix.txt
          0.7 kB
          Todd Lipcon
        9. mr-2178-0.22.txt
          522 kB
          Todd Lipcon
        10. mr-2178.patch
          502 kB
          Benoy Antony
        11. mr-2178-022.patch
          605 kB
          Benoy Antony
        12. mr-2178-022.patch
          524 kB
          Benoy Antony
        13. mr-2178-022.patch
          525 kB
          Benoy Antony

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. MAPREDUCE-2376 test-task-controller fails if run as a userid < 1000

          • Major - Major loss of function.
          • Open

          Bug - A problem which impairs or prevents the functions of the product. MAPREDUCE-2266 JvmManager sleeps between SIGTERM and SIGKILL while holding many TT locks

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. MAPREDUCE-2371 TaskLogsTruncater does not need to check log ownership when running as Child

          • Major - Major loss of function.
          • Resolved
          incorporates

          Bug - A problem which impairs or prevents the functions of the product. MAPREDUCE-2242 LinuxTaskController doesn't properly escape environment variables

          • Major - Major loss of function.
          • Open
          is blocked by

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-7338 LocalDirAllocator improvements for MR-2178

          • Major - Major loss of function.
          • Resolved
          is depended upon by

          Improvement - An improvement or enhancement to an existing feature or task. MAPREDUCE-2373 When tasks exit with a nonzero exit status, task runner should log the stderr as well as stdout

          • Major - Major loss of function.
          • Open

          Task - A task that needs to be done. HADOOP-8357 Restore security in Hadoop 0.22 branch

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              benoyantony Benoy Antony
              tlipcon Todd Lipcon
              Votes:
              0 Vote for this issue
              Watchers:
              22 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: