[
https://issues.apache.org/jira/browse/MAPREDUCE-181?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12754208#action_12754208
]
Doug Cutting commented on MAPREDUCE-181:
----------------------------------------
+1 This sounds good to me. I'd prefer the version not be a separate file, but
would not reject this design over that.
> at some point we will change the job conf from xml to binary. That isn't easy
> to do without a version on the directory.
Wouldn't that be clear if it were named job.bin instead of job.xml? If job.bin
does not exist then we'd look for job.xml. The version number could then be
stored in the configuration. I don't see any disadvantages to this, and it
would be nice not to add another file per job. Is there a reason I'm missing?
> Secure job submission
> ----------------------
>
> Key: MAPREDUCE-181
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-181
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Reporter: Amar Kamat
> Assignee: Amar Kamat
> Attachments: hadoop-3578-branch-20-example-2.patch,
> hadoop-3578-branch-20-example.patch, HADOOP-3578-v2.6.patch,
> HADOOP-3578-v2.7.patch, MAPRED-181-v3.8.patch
>
>
> Currently the jobclient accesses the {{mapred.system.dir}} to add job
> details. Hence the {{mapred.system.dir}} has the permissions of
> {{rwx-wx-wx}}. This could be a security loophole where the job files might
> get overwritten/tampered after the job submission.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
