[
https://issues.apache.org/jira/browse/MAPREDUCE-5208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13656162#comment-13656162
]
Vinod Kumar Vavilapalli commented on MAPREDUCE-5208:
----------------------------------------------------
[~dennisyv], checking it now. I forgot to compile and run tests on branch-2.
Did that only on trunk.
> SpillRecord and ShuffleHandler should use SecureIOUtils for reading index
> file and map output
> ---------------------------------------------------------------------------------------------
>
> Key: MAPREDUCE-5208
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-5208
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Reporter: Omkar Vinit Joshi
> Assignee: Omkar Vinit Joshi
> Fix For: 2.0.5-beta
>
> Attachments: MAPREDUCE-5208-20130506.patch,
> MAPREDUCE-5208-20130507.patch, MAPREDUCE-5208.20130510.patch
>
>
> ShuffleHandler (map output file) and SpillRecord (index file) are reading
> file using unsecured input stream. There exists a possibility for symlink
> attack. related to YARN-578 . Creating this issue to track map reduce changes.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
