hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Owen O'Malley (JIRA)" <j...@apache.org>
Subject [jira] Created: (MAPREDUCE-1274) The completed job web ui urls include full path names to the local file system on the JobTracker.
Date Tue, 08 Dec 2009 17:57:18 GMT
The completed job web ui urls include full path names to the local file system on the JobTracker.
-------------------------------------------------------------------------------------------------

                 Key: MAPREDUCE-1274
                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1274
             Project: Hadoop Map/Reduce
          Issue Type: Bug
          Components: security
    Affects Versions: 0.21.0
            Reporter: Owen O'Malley
            Priority: Blocker
             Fix For: 0.21.0


Currently, the web ui for MapReduce in 0.21.0-dev include a path to a local file in the url:

http://jt.foo.com:50030/jobdetailshistory.jsp?jobid=job_200912012129_0001&logFile=file%3A%2Fopt%2Flocal%2Fowen%2Fhadoop%2Frun%2Flogs%2Fhistory%2Fdone%2Fjob_200912012129_0001_oom

This implies a security bug where the user uses logFile=/etc/passwd or some other annoying
trick. 

I suspect the answer is applying MAPREDUCE-1185 back to 0.21.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message