[
https://issues.apache.org/jira/browse/MAPREDUCE-1274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12790032#action_12790032
]
Amareshwari Sriramadasu commented on MAPREDUCE-1274:
----------------------------------------------------
bq. the web ui for MapReduce in 0.21.0-dev include a path to a local file in
the url:
The web ui url for retired jobs and history url have this.
bq. I suspect the answer is applying MAPREDUCE-1185 back to 0.21.
MAPREDUCE-1185 does not solve the above mentioned problem. It only redirects
the job url to history url. I think one solution is MAPREDUCE-323, where job
history file depends only on jobid.
> The completed job web ui urls include full path names to the local file
> system on the JobTracker.
> -------------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-1274
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1274
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: security
> Affects Versions: 0.21.0
> Reporter: Owen O'Malley
> Priority: Blocker
> Fix For: 0.21.0
>
>
> Currently, the web ui for MapReduce in 0.21.0-dev include a path to a local
> file in the url:
> http://jt.foo.com:50030/jobdetailshistory.jsp?jobid=job_200912012129_0001&logFile=file%3A%2Fopt%2Flocal%2Fowen%2Fhadoop%2Frun%2Flogs%2Fhistory%2Fdone%2Fjob_200912012129_0001_oom
> This implies a security bug where the user uses logFile=/etc/passwd or some
> other annoying trick.
> I suspect the answer is applying MAPREDUCE-1185 back to 0.21.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
