Author Archives: Allen Wittenauer

About Allen Wittenauer

Allen Wittenauer has been working with computers in one form or another since he was a teenager in high school. He's worked with a variety of technologies over his career, including critical support of hospitals, laying the groundwork for Sun Microsystems' internal deployments for SSO and Kerberos, and operational architectures for many big data deployments. Release engineering, cloud infrastructures, and edge virtualization are currently his focus. He is a member of the Apache Software Foundation, where he is a PMC member of the Apache Yetus project and randomly contributes to various other projects.

Fixing Apache Hadoop CVE-2016-6811: argv[0] vs. Security

Let’s discuss CVE-2016-6811 now that it has been published. Freddie Rice (in the midst of reporting another hole) discovered that Apache Hadoop suffered from a security anti-pattern: trusting argv[0]. The fundamental problem with argv[0] is that it’s possible for a caller to modify its contents. This situation means that argv[0] can contain anything and everything.…

Powerful _USERs in Apache Hadoop 3.0.0-alpha4

"Super Heroes" (CC BY-SA 2.0) by Olaf Gradin

A lot of work has been done to greatly clarify and enhance various environment variables in the Apache Hadoop shell script code. One of those places was in the usage of various _USER environment variables.

Prior to 3.0.0-alpha4

In previous releases, the supported variables were:

Name | Description
HADOOP_SECURE_DN_USER | User to…

Docker Security in Framework Managed, Multi-user Environments

A while back, Jessie Frazelle wrote and published an informative blog post on the differences between containers, zones, and jails. Since it touched on security, the blog post reminded me of a conversation that was had last year when a contributor to the Apache Yetus project asked about this blog post about one of the…