Sorry for the confusion in the description, it is the TaskTracker /logs servlet. I see your points and understand your concerns. As you know,
MAPREDUCE-2415 introduced these new design changes and symlinks. So with this new design, and without this patch, these symlinks in userlogs are not longer served. I agree that the use of symlinks and the way of serving them need to be revisited in a more generic way.
Regarding this ticket, what do you think about amending the current patch to have this "aliases serving" disabled by default, and also amending the docs for this added property to highlight these security considerations.
This seems sufficient since we are relying on the admin to explicitly enable this property. Additionally, this servlet is admin authorized, so normal or malicious users won't have access, and won't be able to view unauthorized contents through this servlet. What do you think?