[jira] [Commented] (MAPREDUCE-5208) SpillRecord and ShuffleHandler should use SecureIOUtils for reading index file and map output

Mon, 13 May 2013 06:13:22 -0700 

    [ 
https://issues.apache.org/jira/browse/MAPREDUCE-5208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13655947#comment-13655947
 ] 

Hudson commented on MAPREDUCE-5208:
-----------------------------------

Integrated in Hadoop-Hdfs-trunk #1397 (See 
[https://builds.apache.org/job/Hadoop-Hdfs-trunk/1397/])
    MAPREDUCE-5208. Modified ShuffleHandler to use SecureIOUtils for reading 
local files. Contributed by Omkar Vinit Joshi. (Revision 1481657)

     Result = FAILURE
vinodkv : 
http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1481657
Files : 
* /hadoop/common/trunk/hadoop-mapreduce-project/CHANGES.txt
* 
/hadoop/common/trunk/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-core/src/main/java/org/apache/hadoop/mapred/SpillRecord.java
* 
/hadoop/common/trunk/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-shuffle/src/main/java/org/apache/hadoop/mapred/ShuffleHandler.java
* 
/hadoop/common/trunk/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-shuffle/src/test/java/org/apache/hadoop/mapred/TestShuffleHandler.java
* 
/hadoop/common/trunk/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-shuffle/src/test/resources/krb5.conf

                
> SpillRecord and ShuffleHandler should use SecureIOUtils for reading index 
> file and map output
> ---------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-5208
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-5208
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>            Reporter: Omkar Vinit Joshi
>            Assignee: Omkar Vinit Joshi
>             Fix For: 2.0.5-beta
>
>         Attachments: MAPREDUCE-5208-20130506.patch, 
> MAPREDUCE-5208-20130507.patch, MAPREDUCE-5208.20130510.patch
>
>
> ShuffleHandler (map output file) and SpillRecord (index file) are reading 
> file using unsecured input stream. There exists a possibility for symlink 
> attack. related to YARN-578 . Creating this issue to track map reduce changes.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to