[
https://issues.apache.org/jira/browse/HADOOP-3578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12606465#action_12606465
]
Doug Cutting commented on HADOOP-3578:
--------------------------------------
> one could easily find out the job name by asking the jobtracker for a new
> job-id and replacing the last actual id with some number less than that, no?
To make this work, job directories should not be named with the job id, but
rather with a name that incorporates a random number. The job file name is
already passed in the Task, so this should be a simple change.
> I don't think dfs -rmr job_* will delete directories not owned by me, if
> there are no execute permissions on the parent.
Right. Wildcard expansion is done in the client. If you cannot list a
directory (execute permission) then you cannot expand wildcards in that
directory.
> mapred.system.dir should be accessible only to hadoop daemons
> --------------------------------------------------------------
>
> Key: HADOOP-3578
> URL: https://issues.apache.org/jira/browse/HADOOP-3578
> Project: Hadoop Core
> Issue Type: Bug
> Components: mapred
> Reporter: Amar Kamat
>
> Currently the jobclient accesses the {{mapred.system.dir}} to add job
> details. Hence the {{mapred.system.dir}} has the permissions of
> {{rwx-wx-wx}}. This could be a security loophole where the job files might
> get overwritten/tampered after the job submission.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
