org.apache.hadoop.io
Class SecureIOUtils

java.lang.Object
  extended by org.apache.hadoop.io.SecureIOUtils

public class SecureIOUtils
extends Object

This class provides secure APIs for opening and creating files on the local disk. The main issue this class tries to handle is that of symlink traversal.
An example of such an attack is:

  1. Malicious user removes his task's syslog file, and puts a link to the jobToken file of a target user.
  2. Malicious user tries to open the syslog file via the servlet on the tasktracker.
  3. The tasktracker is unaware of the symlink, and simply streams the contents of the jobToken file. The malicious user can now access potentially sensitive map outputs, etc. of the target user's job.
A similar attack is possible involving the TaskLogsTruncater, but here it is to do with unsecure write to a file.


Nested Class Summary
static class SecureIOUtils.AlreadyExistsException
          Signals that an attempt to create a file at a given pathname has failed because another file already existed at that path.
 
Constructor Summary
SecureIOUtils()
           
 
Method Summary
static FileOutputStream createForWrite(File f, int permissions)
          Open the specified File for write access, ensuring that it does not exist.
static FileInputStream openForRead(File f, String expectedOwner)
          Open the given File for read access, verifying the expected user constraints.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecureIOUtils

public SecureIOUtils()
Method Detail

openForRead

public static FileInputStream openForRead(File f,
                                          String expectedOwner)
                                   throws IOException
Open the given File for read access, verifying the expected user constraints.

Parameters:
f - the file that we are trying to open
expectedOwner - the expected user owner for the file
Throws:
IOException - if an IO Error occurred, or the user does not match

createForWrite

public static FileOutputStream createForWrite(File f,
                                              int permissions)
                                       throws IOException
Open the specified File for write access, ensuring that it does not exist.

Parameters:
f - the file that we want to create
permissions - we want to have on the file (if security is enabled)
Throws:
SecureIOUtils.AlreadyExistsException - if the file already exists
IOException - if any other error occurred


Copyright © 2009 The Apache Software Foundation