hadoop-mapreduce-issues mailing list archives

From "Todd Lipcon (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-4572) Can not access user logs - Jetty is not configured by default to serve aliases/symlinks
Date Tue, 28 Aug 2012 18:53:07 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-4572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443384#comment-13443384 ]

Todd Lipcon commented on MAPREDUCE-4572:

bq.  So we are basically here exposing the controls that Jetty already provides, and the users
can make the decision, and based on the available security setup on their environment, they
can make a decision of enabling or disabling this behavior. What do you think?

I don't think most users understand the significance of the security issue here. Symlink attacks
can be pretty darn subtle, and I think a well-intentioned administrator will end up opening
a really bad hole just to get around the issue. Instead, we should figure out a secure way
to solve the original use case (which I'm still confused about, per above, because the description
mentions the TaskLog servlet).

> Can not access user logs - Jetty is not configured by default to serve aliases/symlinks
> ---------------------------------------------------------------------------------------
>                 Key: MAPREDUCE-4572
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4572
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>          Components: tasktracker, webapps
>    Affects Versions: 1.0.0
>            Reporter: Ahmed Radwan
>            Assignee: Ahmed Radwan
>             Fix For: 1.2.0, 2.2.0-alpha
>         Attachments: MAPREDUCE-4572.patch, MAPREDUCE-4572_trunk.patch
>
> The task log servlet can no longer access user logs because MAPREDUCE-2415 introduced
> symlinks to the logs and Jetty is not configured by default to serve symlinks.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
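
As an illustration of the concern raised in the comment above (added here; not taken from the MAPREDUCE-4572 patches or from Hadoop or Jetty code), the sketch below follows symlinks only when the fully resolved target stays inside directories an administrator listed explicitly, instead of serving every alias. The class name `SafeLogResolver`, the directory layout and the allow-list are assumptions made for the example.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.List;

public class SafeLogResolver {
    // Resolve a requested log path, following symlinks, and accept it only if the
    // final target lies under a directory the administrator explicitly listed.
    static Path resolve(Path logRoot, List<Path> allowedRoots, String requested) throws IOException {
        Path candidate = logRoot.resolve(requested).normalize();
        if (!candidate.startsWith(logRoot)) {          // blocks "../" and absolute paths
            throw new SecurityException("outside log root: " + requested);
        }
        Path real = candidate.toRealPath();             // follows every symlink in the path
        for (Path root : allowedRoots) {
            if (real.startsWith(root.toRealPath()) && Files.isRegularFile(real)) {
                return real;
            }
        }
        throw new SecurityException("symlink target not allowed: " + real);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: a log root whose entries are symlinks to other directories.
        Path base = Files.createTempDirectory("symlink-demo").toRealPath();
        Path logRoot = Files.createDirectory(base.resolve("userlogs"));
        Path disk = Files.createDirectory(base.resolve("disk1"));
        Path other = Files.createDirectory(base.resolve("other"));
        Files.write(Files.createDirectory(disk.resolve("attempt_1")).resolve("stdout"), "ok".getBytes());
        Files.write(other.resolve("secret"), "private".getBytes());
        Files.createSymbolicLink(logRoot.resolve("attempt_1"), disk.resolve("attempt_1"));
        Files.createSymbolicLink(logRoot.resolve("attempt_2"), other);

        List<Path> allowed = List.of(logRoot, disk);
        for (String req : List.of("attempt_1/stdout", "attempt_2/secret", "../other/secret")) {
            try {
                System.out.println("serve  " + resolve(logRoot, allowed, req));
            } catch (SecurityException | IOException e) {
                System.out.println("reject " + req + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check and the later file open are separate operations, so the result only holds if untrusted users cannot modify the directories along the resolved path between the two.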
