hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Todd Lipcon (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-4572) Can not access user logs - Jetty is not configured by default to serve aliases/symlinks
Date Tue, 28 Aug 2012 18:53:07 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-4572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443384#comment-13443384
] 

Todd Lipcon commented on MAPREDUCE-4572:
----------------------------------------

bq.  So we are basically here exposing the controls that Jetty already provides, and the users
can make the decision, and based on the available security setup on their environment, they
can make a decision of enabling or disabling this behavior. What do you think

I don't think most users understand the significance of the security issue here. Symlink attacks
can be pretty darn subtle, and I think a well-intentioned administrator will end up opening
a really bad hole just to get around the issue. Instead, we should figure out a secure way
to solve the original use case. (which I'm still confused about, per above, because the description
mentions the TaskLog servlet).
                
> Can not access user logs - Jetty is not configured by default to serve aliases/symlinks
> ---------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-4572
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4572
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: tasktracker, webapps
>    Affects Versions: 1.0.0
>            Reporter: Ahmed Radwan
>            Assignee: Ahmed Radwan
>             Fix For: 1.2.0, 2.2.0-alpha
>
>         Attachments: MAPREDUCE-4572.patch, MAPREDUCE-4572_trunk.patch
>
>
> The task log servlet can no longer access user logs because MAPREDUCE-2415 introduce
symlinks to the logs and jetty is not configured by default to serve symlinks. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message