[ https://issues.apache.org/jira/browse/YARN-578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13650133#comment-13650133 ]

Vinod Kumar Vavilapalli commented on YARN-578:
----------------------------------------------

Okay, I just had an enlightening experience and I realized we need to fix more 
issues:
 - LogAggregationService can ignore these permissions and upload sensitive 
files! Please fix this and write a test to verify that it doesn't happen.
 - It seems like when logs are deleted, we are using the correct user to delete 
them. But can you write tests to validate this for two cases: (1) when 
log-aggregation is enabled and (2) when it isn't?
                
> NodeManager should use SecureIOUtils for serving logs and intermediate outputs
> ------------------------------------------------------------------------------
>
>                 Key: YARN-578
>                 URL: https://issues.apache.org/jira/browse/YARN-578
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: nodemanager
>            Reporter: Vinod Kumar Vavilapalli
>            Assignee: Omkar Vinit Joshi
>         Attachments: yarn-578-20130426.patch, YARN-578-20130506.patch
>
>
> Log servlets for serving logs and the ShuffleService for serving intermediate 
> outputs both should use SecureIOUtils for avoiding symlink attacks.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
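
The issue above asks that log serving avoid symlink attacks. The sketch below is an added example, not Hadoop's code and not part of the JIRA thread: it shows the general open-then-fstat owner check in Python, and `open_for_user`, `OwnerMismatch` and the temporary files are constructed for illustration.

```python
import os
import stat
import tempfile


class OwnerMismatch(PermissionError):
    """Opened file is not a regular file owned by the expected user."""


def open_for_user(path, expected_uid):
    """Open path read-only and verify ownership on the open descriptor.

    O_NOFOLLOW refuses a symlink as the final path component. fstat() on
    the descriptor inspects the file that was actually opened, so swapping
    the path after the check cannot change the result.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise OwnerMismatch(f"{path}: not a regular file")
        if st.st_uid != expected_uid:
            raise OwnerMismatch(f"{path}: uid {st.st_uid} != {expected_uid}")
    except BaseException:
        os.close(fd)
        raise
    return os.fdopen(fd, "rb")


def demo():
    """Constructed scenario: a log dir with one real log and one symlink."""
    me = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")  # stands in for a sensitive file
        log = os.path.join(d, "stdout")
        link = os.path.join(d, "syslog")        # planted symlink to the secret
        for p, data in ((secret, b"secret\n"), (log, b"container output\n")):
            with open(p, "wb") as f:
                f.write(data)
        os.symlink(secret, link)
        with open_for_user(log, me) as f:
            results["log"] = f.read()
        for name, path, uid in (("symlink", link, me), ("wrong_owner", log, me + 1)):
            try:
                open_for_user(path, uid).close()
                results[name] = "served"
            except OSError as e:
                results[name] = type(e).__name__
    return results
```

`O_NOFOLLOW` only covers the last path component, so the parent directories still need to be ones the requesting user cannot rewrite.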
