Tag Archives: yarn

Fixing Apache Hadoop CVE-2016-6811: argv[0] vs. Security

Let’s discuss CVE-2016-6811 now that it has been published. Freddie Rice (in the midst of reporting another hole) discovered that Apache Hadoop suffered from a security anti-pattern: trusting argv[0]. The fundamental problem with argv[0] is that it’s possible for a caller to modify its contents. This situation means that argv[0] can contain anything and everything.…