org.apache.hadoop.io
Class SecureIOUtils
java.lang.Object
org.apache.hadoop.io.SecureIOUtils
public class SecureIOUtils
- extends Object
This class provides secure APIs for opening and creating files on the local
disk. The main issue this class tries to handle is that of symlink traversal.
An example of such an attack is:
- Malicious user removes his task's syslog file, and puts a link to the
jobToken file of a target user.
- Malicious user tries to open the syslog file via the servlet on the
tasktracker.
- The tasktracker is unaware of the symlink, and simply streams the contents
of the jobToken file. The malicious user can now access potentially sensitive
map outputs, etc. of the target user's job.
A similar attack is possible involving the
TaskLogsTruncater, but here it is to do
with unsecure write to a file.
|
Nested Class Summary |
static class |
SecureIOUtils.AlreadyExistsException
Signals that an attempt to create a file at a given pathname has failed
because another file already existed at that path. |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
SecureIOUtils
public SecureIOUtils()
openForRead
public static FileInputStream openForRead(File f,
String expectedOwner)
throws IOException
- Open the given File for read access, verifying the expected user
constraints.
- Parameters:
f - the file that we are trying to openexpectedOwner - the expected user owner for the file
- Throws:
IOException - if an IO Error occurred, or the user does not
match
createForWrite
public static FileOutputStream createForWrite(File f,
int permissions)
throws IOException
- Open the specified File for write access, ensuring that it does not exist.
- Parameters:
f - the file that we want to createpermissions - we want to have on the file (if security is enabled)
- Throws:
SecureIOUtils.AlreadyExistsException - if the file already exists
IOException - if any other error occurred
Copyright © 2009 The Apache Software Foundation