[ https://issues.apache.org/jira/browse/MAPREDUCE-4572?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443384#comment-13443384 ]
Todd Lipcon commented on MAPREDUCE-4572: ---------------------------------------- bq. So we are basically here exposing the controls that Jetty already provides, and the users can make the decision, and based on the available security setup on their environment, they can make a decision of enabling or disabling this behavior. What do you think I don't think most users understand the significance of the security issue here. Symlink attacks can be pretty darn subtle, and I think a well-intentioned administrator will end up opening a really bad hole just to get around the issue. Instead, we should figure out a secure way to solve the original use case. (which I'm still confused about, per above, because the description mentions the TaskLog servlet). > Can not access user logs - Jetty is not configured by default to serve > aliases/symlinks > --------------------------------------------------------------------------------------- > > Key: MAPREDUCE-4572 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-4572 > Project: Hadoop Map/Reduce > Issue Type: Bug > Components: tasktracker, webapps > Affects Versions: 1.0.0 > Reporter: Ahmed Radwan > Assignee: Ahmed Radwan > Fix For: 1.2.0, 2.2.0-alpha > > Attachments: MAPREDUCE-4572.patch, MAPREDUCE-4572_trunk.patch > > > The task log servlet can no longer access user logs because MAPREDUCE-2415 > introduce symlinks to the logs and jetty is not configured by default to > serve symlinks. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira