Uploaded image for project: 'Hadoop Map/Reduce'
  1. Hadoop Map/Reduce
  2. MAPREDUCE-1274

The completed job web ui urls include full path names to the local file system on the JobTracker.

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 0.21.0
    • None
    • security
    • None

    Description

      Currently, the web ui for MapReduce in 0.21.0-dev include a path to a local file in the url:

      http://jt.foo.com:50030/jobdetailshistory.jsp?jobid=job_200912012129_0001&logFile=file%3A%2Fopt%2Flocal%2Fowen%2Fhadoop%2Frun%2Flogs%2Fhistory%2Fdone%2Fjob_200912012129_0001_oom

      This implies a security bug where the user uses logFile=/etc/passwd or some other annoying trick.

      I suspect the answer is applying MAPREDUCE-1185 back to 0.21.

      Attachments

        Activity

          People

            Unassigned Unassigned
            omalley Owen O'Malley
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated: