[ https://issues.apache.org/jira/browse/HADOOP-15722?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16626597#comment-16626597 ]
Daryn Sharp commented on HADOOP-15722:
--------------------------------------
I don't understand how the path {{/tmp/hive-${user.name}}} would ever properly
expand in the given example. The system property will be the user running the
daemon, not user_a nor user_b unless hive smashes the system property user.name
before fetching config keys. If yes, that's a bug and latent race condition in
hive.

Otherwise, for the original issue that expected user.name to expand to the
daemon's user, the security fix was designed to prevent non-trusted contexts
(i.e. proxy user) from retrieving arbitrary properties. While one might make the
case that {{user.name}} is innocuous, is {{secret.thing}}? How do we decide
what is safe? How about not using the system property in the scratch dir path?

> regression: Hadoop 2.7.7 release breaks spark submit
> ----------------------------------------------------
>
> Key: HADOOP-15722
> URL: https://issues.apache.org/jira/browse/HADOOP-15722
> Project: Hadoop Common
> Issue Type: Bug
> Components: build, conf, security
> Affects Versions: 2.7.7
> Reporter: Steve Loughran
> Priority: Major
>
> SPARK-25330 highlights that upgrading spark to hadoop 2.7.7 is causing a
> regression in client setup, with things only working when
> {{Configuration.getRestrictParserDefault(Object resource)}} = false.