hadoop-mapreduce-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Lowe (JIRA)" <j...@apache.org>
Subject [jira] [Reopened] (MAPREDUCE-5475) MRClientService does not verify ACLs properly
Date Sat, 24 Aug 2013 01:02:39 GMT

     [ https://issues.apache.org/jira/browse/MAPREDUCE-5475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jason Lowe reopened MAPREDUCE-5475:
-----------------------------------


Reverting this again... With YARN-707 users can see their own jobs again, but other users
can still kill them because the token user is always the app submitter, and the AM sees all
authenticated client connections coming from that user.
                
> MRClientService does not verify ACLs properly
> ---------------------------------------------
>
>                 Key: MAPREDUCE-5475
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-5475
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: mr-am, mrv2
>    Affects Versions: 2.0.4-alpha, 0.23.9
>            Reporter: Jason Lowe
>            Assignee: Jason Lowe
>            Priority: Blocker
>             Fix For: 2.1.1-beta
>
>         Attachments: MAPREDUCE-5475.branch-0.23.patch, MAPREDUCE-5475.patch
>
>
> When MRClientService receives requests, it calls verifyAndGetJob which does not actually
validate that the current user has the proper access.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message