big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HADOOP-19031. Enhance access control for RunJar. (#6427). Contributed by He Xiaoqiao.

Browse Source 
Signed-off-by: Shuyan Zhang <zhangshuyan@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
This commit is contained in:
Hexiaoqiao 2024-01-17 15:00:06 +08:00 committed by GitHub
parent 7b1570e2f1
commit 9634bd31e6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/RunJar.java
View File

@ -28,10 +28,14 @@
import java.net.URL; import java.net.URL;
import java.net.URLClassLoader; import java.net.URLClassLoader;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Enumeration; import java.util.Enumeration;
import java.util.List; import java.util.List;
import java.util.Set;
import java.util.jar.JarEntry; import java.util.jar.JarEntry;
import java.util.jar.JarFile; import java.util.jar.JarFile;
import java.util.jar.JarInputStream; import java.util.jar.JarInputStream;
@ -287,20 +291,18 @@ public void run(String[] args) throws Throwable {
final File workDir; final File workDir;
try { try {
workDir = File.createTempFile("hadoop-unjar", "", tmpDir); FileAttribute<Set<PosixFilePermission>> perms = PosixFilePermissions
} catch (IOException ioe) { .asFileAttribute(PosixFilePermissions.fromString("rwx------"));
workDir = Files.createTempDirectory(tmpDir.toPath(), "hadoop-unjar", perms).toFile();
} catch (IOException | SecurityException e) {
// If user has insufficient perms to write to tmpDir, default // If user has insufficient perms to write to tmpDir, default
// "Permission denied" message doesn't specify a filename. // "Permission denied" message doesn't specify a filename.
System.err.println("Error creating temp dir in java.io.tmpdir " System.err.println("Error creating temp dir in java.io.tmpdir "
+ tmpDir + " due to " + ioe.getMessage()); + tmpDir + " due to " + e.getMessage());
System.exit(-1); System.exit(-1);
return; return;
} }
if (!workDir.delete()) {
System.err.println("Delete failed for " + workDir);
System.exit(-1);
}
ensureDirectory(workDir); ensureDirectory(workDir);
ShutdownHookManager.get().addShutdownHook( ShutdownHookManager.get().addShutdownHook(