[
https://issues.apache.org/jira/browse/STORM-269?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14235207#comment-14235207
]
ASF GitHub Bot commented on STORM-269:
--------------------------------------
Github user nothinking commented on the pull request:
https://github.com/apache/storm/pull/91#issuecomment-65755713
To someone like me.
If you want to change log dir, add line to storm.yaml this line.
> storm.log.dir=/some/real/dir/path
Remember! No Symbolic Link!!
> Any readable file exposed via UI log viewer
> -------------------------------------------
>
> Key: STORM-269
> URL: https://issues.apache.org/jira/browse/STORM-269
> Project: Apache Storm
> Issue Type: Bug
> Affects Versions: 0.9.2-incubating
> Reporter: Jared Kuolt
> Assignee: P. Taylor Goetz
> Labels: security
> Fix For: 0.9.2-incubating
>
>
> Note: This is actually version 0.9.0.1 but I couldn't choose that in the
> dropdown. I suspect that the problem still exists.
> I found that it's possible to access any readable file on the system via the
> UI worker log viewer. To reproduce, navigate to:
> http://<host:port>/log?file=../../../../../../../../etc/passwd
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
