[
https://issues.apache.org/jira/browse/STORM-635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287785#comment-14287785
]
ASF GitHub Bot commented on STORM-635:
--------------------------------------
Github user revans2 commented on the pull request:
https://github.com/apache/storm/pull/391#issuecomment-71058840
The change to check the parent directory is the root dir was put in on
purpose for security reasons. if someone puts in a file called
"../../../etc/passwd" there could be some serious security issues involved.
-1
I am fine with supporting symlinks but we need to have a way to restrict
what can be accessed through the logviewer.
> logviewer returns 404 if storm_home/logs is a symlinked dir
> -----------------------------------------------------------
>
> Key: STORM-635
> URL: https://issues.apache.org/jira/browse/STORM-635
> Project: Apache Storm
> Issue Type: Bug
> Reporter: Sriharsha Chintalapani
> Assignee: Sriharsha Chintalapani
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
