[
https://issues.apache.org/jira/browse/PIG-2672?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13777040#comment-13777040
]
Koji Noguchi commented on PIG-2672:
-----------------------------------
bq. In fact, any misconfiguration is still protected by SHA (hard to collide).
SHA is meaningless here unless verified by the trusted entity. (NodeManager or
TaskTracker in HADOOP-9639).
Say abc.jar was installed locally. UserEvil can figure out what the shared hdfs
path is since he has access to the local file.
Then UserEvil can upload any kind of jar with that filename as long as he is
the first user to upload.
Now, any users trying to use this local abc.jar would be unknowingly executing
the random jar uploaded by this UserEvil.
> Optimize the use of DistributedCache
> ------------------------------------
>
> Key: PIG-2672
> URL: https://issues.apache.org/jira/browse/PIG-2672
> Project: Pig
> Issue Type: Improvement
> Reporter: Rohini Palaniswamy
> Assignee: Aniket Mokashi
> Fix For: 0.12.0
>
> Attachments: PIG-2672.patch
>
>
> Pig currently copies jar files to a temporary location in hdfs and then adds
> them to DistributedCache for each job launched. This is inefficient in terms
> of
> * Space - The jars are distributed to task trackers for every job taking
> up lot of local temporary space in tasktrackers.
> * Performance - The jar distribution impacts the job launch time.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
