You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by harshach <gi...@git.apache.org> on 2015/01/22 03:10:46 UTC

[GitHub] storm pull request: STORM-635. logviewer returns 404 if storm_home...

GitHub user harshach opened a pull request:

    https://github.com/apache/storm/pull/391

    STORM-635. logviewer returns 404 if storm_home/logs is a symlinked dir.

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/harshach/incubator-storm STORM-635

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/storm/pull/391.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #391
    
----
commit bf9a311848de6ac2abf5cbbe987953b120fd813c
Author: Sriharsha Chintalapani <ma...@harsha.io>
Date:   2015-01-22T01:45:14Z

    STORM-635. logviewer returns 404 if storm_home/logs is a symlinked dir.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] storm pull request: STORM-635. logviewer returns 404 if storm_home...

Posted by revans2 <gi...@git.apache.org>.

Github user revans2 commented on the pull request:

    https://github.com/apache/storm/pull/391#issuecomment-71058840
  
    The change to check the parent directory is the root dir was put in on purpose for security reasons.  if someone puts in a file called "../../../etc/passwd" there could be some serious security issues involved.
    
    -1
    
    I am fine with supporting symlinks but we need to have a way to restrict what can be accessed through the logviewer.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] storm pull request: STORM-635. logviewer returns 404 if storm_home...

Posted by revans2 <gi...@git.apache.org>.

Github user revans2 commented on the pull request:

    https://github.com/apache/storm/pull/391#issuecomment-71253695
  
    +1 looks good to me.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] storm pull request: STORM-635. logviewer returns 404 if storm_home...

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/storm/pull/391


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] storm pull request: STORM-635. logviewer returns 404 if storm_home...

Posted by harshach <gi...@git.apache.org>.

Github user harshach commented on the pull request:

    https://github.com/apache/storm/pull/391#issuecomment-71074482
  
    @revans2 my bad I missed security fix that went in before. Please check the latest patch . Thanks.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] storm pull request: STORM-635. logviewer returns 404 if storm_home...

Posted by Parth-Brahmbhatt <gi...@git.apache.org>.

Github user Parth-Brahmbhatt commented on the pull request:

    https://github.com/apache/storm/pull/391#issuecomment-71075304
  
    +1.



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---