hadoop-common-issues mailing list archives

From "Allen Wittenauer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11764) Hadoop should have the option to use directory other than tmp for extracting and loading leveldbjni
Date Thu, 02 Apr 2015 14:58:05 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14392795#comment-14392795 ]

Allen Wittenauer commented on HADOOP-11764:
-------------------------------------------

I'm starting to think more and more that using leveldb is a HUGE mistake.

a) There's this complete nonsense about requiring all this pre-configuration.

b) What prevents a user from inserting a malicious .so into this shared directory?  Given
that we have to default somewhere like /tmp or even hadoop.tmp.dir, this is a massive security
hole that directly impacts the running daemons.

c) HADOOP-11790 means we've effectively broken the build for probably non-linux, non-x86.

> Hadoop should have the option to use directory other than tmp for extracting and loading leveldbjni
> ---------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-11764
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11764
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Anubhav Dhoot
>            Assignee: Anubhav Dhoot
>         Attachments: YARN-3331.001.patch, YARN-3331.002.patch
>
>
> /tmp can be required to be noexec in many environments. This causes a problem when
> nodemanager tries to load the leveldbjni library which can get unpacked and executed from
> /tmp.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
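
A defender-side check for the two concerns in this message, the shared extraction directory and the noexec mount (added example, not part of the original message or of Hadoop's code). It audits a candidate directory for unpacking a native library such as leveldbjni; the function names and the sample directory layout are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_native_lib_dir(path, daemon_uid):
    """Return (path, issue) findings for a dir used to unpack and load a .so."""
    target = os.path.realpath(path)   # resolve symlinks before judging anything
    findings, current, is_target = [], target, True
    while True:
        st = os.stat(current)
        shared = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        sticky = st.st_mode & stat.S_ISVTX
        if st.st_uid not in (0, daemon_uid):
            findings.append((current, "owned by another non-root user"))
        # The target itself must be private. An ancestor may be shared only if
        # it is sticky (as /tmp is), so users cannot rename or remove entries
        # they do not own.
        if shared and (is_target or not sticky):
            findings.append((current, "writable by group/other"))
        parent = os.path.dirname(current)
        if parent == current:
            break
        current, is_target = parent, False
    # A noexec mount makes loading the extracted library fail (the issue's case).
    if os.statvfs(target).f_flag & getattr(os, "ST_NOEXEC", 0):
        findings.append((target, "mounted noexec"))
    return findings

def build_sample_dirs():
    """Constructed layout: a private dir, a 0777 dir, and a dir nested in it."""
    base = os.path.realpath(tempfile.mkdtemp())
    private = os.path.join(base, "private")
    shared = os.path.join(base, "shared")
    nested = os.path.join(shared, "inner")
    for d, mode in ((private, 0o700), (shared, 0o777), (nested, 0o700)):
        os.mkdir(d)
        os.chmod(d, mode)             # chmod so the umask cannot mask the bits
    return private, shared, nested

if __name__ == "__main__":
    for d in build_sample_dirs():
        print(d, audit_native_lib_dir(d, os.getuid()))
```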
