You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2008/05/07 20:16:59 UTC

[jira] Commented: (HADOOP-3259) Configuration.substituteVars() needs to handle security exceptions

    [ https://issues.apache.org/jira/browse/HADOOP-3259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12594986#action_12594986 ] 

Hadoop QA commented on HADOOP-3259:
-----------------------------------

-1 overall.  Here are the results of testing the latest attachment 
  http://issues.apache.org/jira/secure/attachment/12381558/3259.patch
  against trunk revision 654128.

    +1 @author.  The patch does not contain any @author tags.

    -1 tests included.  The patch doesn't appear to include any new or modified tests.
                        Please justify why no tests are needed for this patch.

    +1 javadoc.  The javadoc tool did not generate any warning messages.

    +1 javac.  The applied patch does not increase the total number of javac compiler warnings.

    +1 findbugs.  The patch does not introduce any new Findbugs warnings.

    +1 release audit.  The applied patch does not increase the total number of release audit warnings.

    +1 core tests.  The patch passed core unit tests.

    +1 contrib tests.  The patch passed contrib unit tests.

Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch/2417/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch/2417/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch/2417/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch/2417/console

This message is automatically generated.

> Configuration.substituteVars() needs to handle security exceptions
> ------------------------------------------------------------------
>
>                 Key: HADOOP-3259
>                 URL: https://issues.apache.org/jira/browse/HADOOP-3259
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: conf
>    Affects Versions: 0.16.2
>            Reporter: Steve Loughran
>            Assignee: Edward J. Yoon
>            Priority: Trivial
>             Fix For: 0.18.0
>
>         Attachments: 3259.patch
>
>
> Inside Configuration.substituteVars(), there is a call to System.getProperty(var); this contains the implicit assumption that the JVM will never block access to a system property, because if that is the case -such as when the Configuration is running under a restrictive security manager, a SecurityException gets thrown. This will get thrown all the way up the tree. 
> Better to have some plan to handle it in situ, such as a log@warn level then leave the property unexpanded. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.