Details
Description
We should do a better job of protecting against symlink attacks in the pid and log file handling code:
a) Change the default location to have a user or id.str component
b) Check to make sure a pid file is actually a pid file (single line, nothing but numbers)
... maybe other stuff?
Attachments
Issue Links
- duplicates
-
HADOOP-8461 Programatically prevent symlink attacks on hadoop pid files
- Resolved
- is related to
-
HADOOP-11010 Post-9902 "Umbrella" JIRA
- Resolved