MAPREDUCE-2103. task-controller shouldn't require o-r permissions. Contributed by Eli Collins

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.20-security@1205281 13f79535-47bb-0310-9956-ffa450edef68

CHANGES.txt

@@ -95,6 +95,8 @@ Release 0.20.206.0 - unreleased
 
     MAPREDUCE-3424. Some LinuxTaskController cleanup (eli)
 
+    MAPREDUCE-2103. task-controller shouldn't require o-r permissions. (eli)
+
 Release 0.20.205.1 - unreleased
 
   NEW FEATURES

src/c++/task-controller/impl/task-controller.c

@@ -103,7 +103,7 @@ char* get_executable() {
  * promisable. For this, we need task-controller binary to
  *    * be user-owned by root
  *    * be group-owned by a configured special group.
- *    * others do not have any permissions
+ *    * others do not have write/execute permissions
  *    * be setuid
  */
 int check_taskcontroller_permissions(char *executable_file) {
@@ -141,12 +141,11 @@ int check_taskcontroller_permissions(char *executable_file) {
     return -1;
   }
 
-  // check others do not have read/write/execute permissions
-  if ((filestat.st_mode & S_IROTH) == S_IROTH ||
-      (filestat.st_mode & S_IWOTH) == S_IWOTH ||
+  // check others do not have write/execute permissions
+  if ((filestat.st_mode & S_IWOTH) == S_IWOTH ||
       (filestat.st_mode & S_IXOTH) == S_IXOTH) {
     fprintf(LOGFILE,
-            "The task-controller binary should not have read or write or"
+            "The task-controller binary should not have write or"
             " execute for others.\n");
     return -1;
   }