Hadoop 1.0.3 Symlink

2012-06-30T00:00:00
ID PACKETSTORM:114370
Type packetstorm
Reporter Simon .
Modified 2012-06-30T00:00:00

Description

                                        
                                            `Software : hadoop-1.0.3  
Vulnerability : Symlink  
Problem type : local  
CVE ID : CVE-2012-2945  
Date : May 28, 2012  
Affected : min May 08, 2012  
  
  
  
  
Symptom:  
  
$ echo $JAVA_HOME  
/usr/lib/jvm/java-7-openjdk  
$ file /tmp/hadoop-root-tasktracker.pid  
/tmp/hadoop-root-tasktracker.pid: symbolic link to `/etc/passwd-'  
$ sh bin/start-all.sh  
starting namenode, logging to  
/home/cloudopfer/src/hadoop-1.0.3/libexec/../logs/hadoop-root-namenode-t0.out  
root@localhost's password:  
localhost: starting datanode, logging to  
/home/cloudopfer/src/hadoop-1.0.3/libexec/../logs/hadoop-root-datanode-t0.out  
root@localhost's password:  
localhost: starting secondarynamenode, logging to  
/home/cloudopfer/src/hadoop-1.0.3/libexec/../logs/hadoop-root-secondarynamenode-t0.out  
starting jobtracker, logging to  
/home/cloudopfer/src/hadoop-1.0.3/libexec/../logs/hadoop-root-jobtracker-t0.out  
root@localhost's password:  
localhost: starting tasktracker, logging to  
/home/cloudopfer/src/hadoop-1.0.3/libexec/../logs/hadoop-root-tasktracker-t0.out  
$ tail -1 /etc/passwd-  
10544  
  
Problem:  
  
$ grep tmp src/hadoop-1.0.3/conf/hadoop-env.sh  
# The directory where pid files are stored. /tmp by default.  
  
as pointed out by CVE Team:  
"Incidentally, it seems that in Hadoop 1.x, only the  
HADOOP_PID_DIR setting is affected, but in Hadoop 2.x, both the  
HADOOP_PID_DIR and HADOOP_SECURE_DN_PID_DIR settings might be  
affected:  
  
http://svn.apache.org/repos/asf/hadoop/common/branches/branch-2/hadoop-common-project/hadoop-common/src/main/conf/hadoop-env.sh  
  
# The directory where pid files are stored. /tmp by default.  
export HADOOP_PID_DIR=${HADOOP_PID_DIR}  
export HADOOP_SECURE_DN_PID_DIR=${HADOOP_PID_DIR}  
"  
  
  
Solution:  
  
Hadoop Cloud Specialists (lol) should edit conf/hadoop-env and change  
the pid file directory to something sane.  
  
Impact:  
  
Low  
  
Timeline:  
  
May 25 - got drunk  
May 26 - got drunk  
May 27 - MARK -  
May 28 - playing around with hadoop  
- notified security@  
- got reply, clarified things  
Jul 01 - get rid of this ;)  
  
  
Greetings:  
  
To CVE Team!  
To srm, Dude!  
To the usual suspects  
To those, who trust me.  
To all who stay real.  
  
Simon  
.  
  
  
`