org.apache.hadoop.io
Class SecureIOUtils
java.lang.Object
org.apache.hadoop.io.SecureIOUtils
public class SecureIOUtils
extends Object
This class provides secure APIs for opening and creating files on the local
disk. The main issue this class tries to handle is that of symlink traversal.
An example of such an attack is:
- Malicious user removes his task's syslog file, and puts a link to the
jobToken file of a target user.
- Malicious user tries to open the syslog file via the servlet on the
tasktracker.
- The tasktracker is unaware of the symlink, and simply streams the contents
of the jobToken file. The malicious user can now access potentially sensitive
map outputs, etc. of the target user's job.
A similar attack is possible involving task log truncation; in that case the
cause is an insecure write to a file.
Nested Class Summary
static class SecureIOUtils.AlreadyExistsException
- Signals that an attempt to create a file at a given pathname has failed
because another file already existed at that path.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
SecureIOUtils
public SecureIOUtils()
openForRead
public static FileInputStream openForRead(File f,
                                          String expectedOwner,
                                          String expectedGroup)
                                   throws IOException
- Open the given File for read access, verifying the expected user/group
constraints if security is enabled.
Note that this function provides no additional checks if Hadoop
security is disabled, since doing the checks would be too expensive
when native libraries are not available.
- Parameters:
f - the file that we are trying to open
expectedOwner - the expected user owner for the file
expectedGroup - the expected group owner for the file
- Throws:
IOException - if an IO Error occurred, or security is enabled and
the user/group does not match
createForWrite
public static FileOutputStream createForWrite(File f,
                                              int permissions)
                                       throws IOException
- Open the specified File for write access, ensuring that it does not exist.
- Parameters:
f - the file that we want to create
permissions - the permissions we want to have on the file (if security is enabled)
- Throws:
SecureIOUtils.AlreadyExistsException - if the file already exists
IOException - if any other error occurred
Copyright © 2013 Apache Software Foundation. All Rights Reserved.