[
https://issues.apache.org/jira/browse/MAPREDUCE-1274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tom White updated MAPREDUCE-1274:
---------------------------------
Fix Version/s: (was: 0.21.0)
Priority: Critical (was: Blocker)
Downgraded from blocker, following offline discussion with Arun. The first 0.21
release is not expected to have a fully-complete security implementation.
> The completed job web ui urls include full path names to the local file
> system on the JobTracker.
> -------------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-1274
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1274
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: security
> Affects Versions: 0.21.0
> Reporter: Owen O'Malley
> Priority: Critical
>
> Currently, the web ui for MapReduce in 0.21.0-dev include a path to a local
> file in the url:
> http://jt.foo.com:50030/jobdetailshistory.jsp?jobid=job_200912012129_0001&logFile=file%3A%2Fopt%2Flocal%2Fowen%2Fhadoop%2Frun%2Flogs%2Fhistory%2Fdone%2Fjob_200912012129_0001_oom
> This implies a security bug where the user uses logFile=/etc/passwd or some
> other annoying trick.
> I suspect the answer is applying MAPREDUCE-1185 back to 0.21.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
