[ https://issues.apache.org/jira/browse/PIG-3511?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13868250#comment-13868250 ]

Koji Noguchi commented on PIG-3511:
-----------------------------------

Hadoop/Yarn should do a better job of handling the public distributed cache.

I'm more worried about the case where we have a Pig job that takes sensitive input 
(permission 700), filters out the sensitive portions and produces an output 
with permission 755.

Users may feel that they're still protecting the sensitive info, but Pig may be 
making it available through world-readable intermediate outputs.

Of course, the original issue of UDF jars being world-writable (when output 
permission is 777) is the most critical.

> Security: Pig temporary directories might have world readable permissions
> -------------------------------------------------------------------------
>
>                 Key: PIG-3511
>                 URL: https://issues.apache.org/jira/browse/PIG-3511
>             Project: Pig
>          Issue Type: Bug
>            Reporter: Aniket Mokashi
>            Assignee: Rohini Palaniswamy
>             Fix For: 0.13.0
>
>
> Currently, UDF jars are copied to FileLocalizer.getTemporaryPath, which is an 
> unsecured location. We need to make sure the directory that we copy these 
> jars to has 700 permission settings (similar behavior as JobClient).



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
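
The issue description asks for an owner-only (700) directory for copied UDF jars. The sketch below is an added example, not Pig's fix or code from this thread; it uses Hadoop's `FileSystem` API, and the class name `PrivateStagingDir`, its methods and the demo paths are hypothetical. The local filesystem stands in for HDFS so it runs without a cluster.

```java
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;

// Hypothetical helper class, not part of Pig or Hadoop.
public class PrivateStagingDir {
    static final FsPermission OWNER_ONLY = new FsPermission((short) 0700);

    // Create dir as 700 and refuse to reuse a directory someone else may have prepared.
    static Path createPrivateDir(FileSystem fs, Path dir) throws IOException {
        if (fs.exists(dir)) {
            throw new IOException(dir + " already exists; refusing to reuse it");
        }
        // The static mkdirs() sets the permission explicitly after creating the
        // directory, rather than relying on the umask-adjusted default mode.
        if (!FileSystem.mkdirs(fs, dir, OWNER_ONLY)) {
            throw new IOException("could not create " + dir);
        }
        if (!isOwnerOnly(fs, dir)) {
            throw new IOException(dir + " is accessible beyond its owner");
        }
        return dir;
    }

    // True when neither group nor other has any access bit set.
    static boolean isOwnerOnly(FileSystem fs, Path p) throws IOException {
        FsPermission perm = fs.getFileStatus(p).getPermission();
        return perm.getGroupAction() == FsAction.NONE
            && perm.getOtherAction() == FsAction.NONE;
    }

    public static void main(String[] args) throws IOException {
        FileSystem fs = FileSystem.getLocal(new Configuration()); // local FS for the demo
        Path base = new Path(System.getProperty("java.io.tmpdir"),
                             "staging-demo-" + System.nanoTime()); // constructed demo path

        Path weak = new Path(base, "default-mode");
        fs.mkdirs(weak); // default mode minus the umask, typically 755
        System.out.println(weak + " " + fs.getFileStatus(weak).getPermission()
            + " ownerOnly=" + isOwnerOnly(fs, weak));

        Path priv = createPrivateDir(fs, new Path(base, "udf-jars"));
        System.out.println(priv + " " + fs.getFileStatus(priv).getPermission()
            + " ownerOnly=" + isOwnerOnly(fs, priv));

        fs.delete(base, true); // clean up the demo directories
    }
}
```

The same `isOwnerOnly` check can be pointed at intermediate output paths to catch the case raised in the comment, where 700 input ends up in world-readable temporary data.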