You are viewing a plain text version of this content. The canonical link for it is here.

Posted to mapreduce-issues@hadoop.apache.org by "Allen Wittenauer (JIRA)" <ji...@apache.org> on 2014/07/17 21:45:06 UTC

[jira] [Updated] (MAPREDUCE-165) the map task output servlet doesn't protect against ".." attacks

     [ https://issues.apache.org/jira/browse/MAPREDUCE-165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Allen Wittenauer updated MAPREDUCE-165:
---------------------------------------

    Labels: security  (was: )

> the map task output servlet doesn't protect against ".." attacks
> ----------------------------------------------------------------
>
>                 Key: MAPREDUCE-165
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-165
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>            Reporter: Owen O'Malley
>              Labels: security
>
> The servlet we use to export the map outputs doesn't protect itself against ".." attacks. However, because the code adds a /file.out.index and /file.out to it, it can only be used to read files with those names.



--
This message was sent by Atlassian JIRA
(v6.2#6252)