You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oozie.apache.org by "Andras Piros (JIRA)" <ji...@apache.org> on 2018/12/13 13:48:00 UTC
[jira] [Created] (OOZIE-3403) [fluent-job] Workflow definition is
stored in an insecure place on client host
Andras Piros created OOZIE-3403:
-----------------------------------
Summary: [fluent-job] Workflow definition is stored in an insecure place on client host
Key: OOZIE-3403
URL: https://issues.apache.org/jira/browse/OOZIE-3403
Project: Oozie
Issue Type: Bug
Components: fluent-job
Affects Versions: 5.1.0
Reporter: Andras Piros
When {{OozieCLI}} is called with {{job -validatejar}} and {{–-verbose}} options, the resulting {{workflow.xml}} is stored in an insecure place: {{/tmp}} on the host computer.
To reduce world readability, it's required that the resulting {{workflow.xml}} be stored in the currend working directory with rights only readable to the caller where {{OozieCLI}} has just been called.
Since this information is also available via normal [{{OozieCLI}} call {{job -definition}}|https://oozie.apache.org/docs/5.0.0/DG_CommandLineTool.html#Checking_the_xml_definition_of_a_Workflow_Coordinator_or_Bundle_Job], it's considered a minor issue.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)