Author Archives: Allen Wittenauer

About Allen Wittenauer

Allen Wittenauer has been working with computers in one form or another since he was a teenager in high school. He's worked with a variety of technologies over his career including critical support of hospitals, laying the groundwork for Sun Microsystems' internal deployments for SSO and Kerberos, and creating the basic blueprints that almost all Apache Hadoop deployments follow today. Currently, Allen is focused on the Apache community, release engineering, and helping others get the most out of Hadoop. Allen is a member of the Apache Software Foundation, where he is a PMC member of the Apache Yetus project and a committer on the Apache Hadoop project.

Fixing Apache Hadoop CVE-2016-6811: argv[0] vs. Security

Let’s discuss CVE-2016-6811 now that it has been published. Freddie Rice (in the midst of reporting another hole) discovered that Apache Hadoop suffered from a security anti-pattern: trusting argv[0]. The fundamental problem with argv[0] is that it’s possible for a caller to modify its contents. This situation means that argv[0] can contain anything and everything.…

Powerful _USERs in Apache Hadoop 3.0.0-alpha4

"Super Heroes" (CC BY-SA 2.0) by Olaf Gradin

A lot of work has been done to greatly clarify and enhance various environment variables in the Apache Hadoop shell script code. One of those places was in the usage of various _USER environment variables.

Prior to 3.0.0-alpha4

In previous releases, the supported variables were:

Name Description HADOOP_SECURE_DN_USER User to…

Docker Security in Framework Managed, Multi-user Environments

A while back, Jessie Frazelle wrote and published an informative blog post on the differences between containers, zones, and jails. Since it touched on security, the blog post reminded me of a conversation that was had last year when a contributor to the Apache Yetus project asked about this blog post about one of the…

Adding to Apache Hadoop’s Classpath

One of the big pain points of administrating Apache Hadoop is the ability to safely and efficiently add to the classpath. The original design in Hadoop gave users a single way to add jars: the HADOOP_CLASSPATH environment variable. This is a bit of a problem for end users, admins, and any 3rd party applications may…