accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3338) Update example classpath configuration
Date Sun, 16 Nov 2014 17:59:34 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14213986#comment-14213986
] 

Josh Elser commented on ACCUMULO-3338:
--------------------------------------

bq. That's not quite true. The risk of extra paths in the classpath is that the extra path
might be writable by other users, depending on the platform and circumstance, and could conceivably
contain undesirable classes at some future point, regardless of whether they currently contain
any. In other words, the risk is not "known bad jars present", it's "not known to be free
of bad jars". (by "bad jars", I mean anything incompatible, malicious, or unintentional)

That's true. I was assuming that children of /usr (aside from /usr/local) will not be writable
by anyone but a super-user.

bq. I did not! Thanks for the fix.

Sure, I haven't been able to come up with an easy way to validate it, but that would be something
good to think about to future proof this.


> Update example classpath configuration
> --------------------------------------
>
>                 Key: ACCUMULO-3338
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3338
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: docs
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Trivial
>             Fix For: 1.6.2, 1.7.0
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> Make sure the example configuration general.classpaths contain some extra paths for HDFS
jars which make them more likely to generally work.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message