Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
0.21.0
-
None
-
None
Description
Currently, the web ui for MapReduce in 0.21.0-dev include a path to a local file in the url:
This implies a security bug where the user uses logFile=/etc/passwd or some other annoying trick.
I suspect the answer is applying MAPREDUCE-1185 back to 0.21.