You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-issues@hadoop.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2012/08/28 20:18:08 UTC
[jira] [Reopened] (MAPREDUCE-4572) Can not access user logs - Jetty
is not configured by default to serve aliases/symlinks
[ https://issues.apache.org/jira/browse/MAPREDUCE-4572?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Todd Lipcon reopened MAPREDUCE-4572:
------------------------------------
I'm concerned this might be a security hole. Are there any user-writable places that are served by jetty's file servlet? I think the user might be able to do something like drop a symlink into their log directory which points to the TT's keytab or another user's tokens. Without using the SecureIOUtils, this attack seems likely. I think we should revert this until we can do a detailed review for security.
> Can not access user logs - Jetty is not configured by default to serve aliases/symlinks
> ---------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-4572
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-4572
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: tasktracker, webapps
> Affects Versions: 1.0.0
> Reporter: Ahmed Radwan
> Assignee: Ahmed Radwan
> Fix For: 1.2.0, 2.2.0-alpha
>
> Attachments: MAPREDUCE-4572.patch, MAPREDUCE-4572_trunk.patch
>
>
> The task log servlet can no longer access user logs because MAPREDUCE-2415 introduce symlinks to the logs and jetty is not configured by default to serve symlinks.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira