You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2008/05/07 20:16:59 UTC
[jira] Commented: (HADOOP-3259) Configuration.substituteVars()
needs to handle security exceptions
[ https://issues.apache.org/jira/browse/HADOOP-3259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12594986#action_12594986 ]
Hadoop QA commented on HADOOP-3259:
-----------------------------------
-1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12381558/3259.patch
against trunk revision 654128.
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no tests are needed for this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
+1 core tests. The patch passed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch/2417/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch/2417/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch/2417/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch/2417/console
This message is automatically generated.
> Configuration.substituteVars() needs to handle security exceptions
> ------------------------------------------------------------------
>
> Key: HADOOP-3259
> URL: https://issues.apache.org/jira/browse/HADOOP-3259
> Project: Hadoop Core
> Issue Type: Bug
> Components: conf
> Affects Versions: 0.16.2
> Reporter: Steve Loughran
> Assignee: Edward J. Yoon
> Priority: Trivial
> Fix For: 0.18.0
>
> Attachments: 3259.patch
>
>
> Inside Configuration.substituteVars(), there is a call to System.getProperty(var); this contains the implicit assumption that the JVM will never block access to a system property, because if that is the case -such as when the Configuration is running under a restrictive security manager, a SecurityException gets thrown. This will get thrown all the way up the tree.
> Better to have some plan to handle it in situ, such as a log@warn level then leave the property unexpanded.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.