[ https://issues.apache.org/jira/browse/MAPREDUCE-5208?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13656162#comment-13656162 ]
Vinod Kumar Vavilapalli commented on MAPREDUCE-5208: ---------------------------------------------------- [~dennisyv], checking it now. I forgot to compile and run tests on branch-2. Did that only on trunk. > SpillRecord and ShuffleHandler should use SecureIOUtils for reading index > file and map output > --------------------------------------------------------------------------------------------- > > Key: MAPREDUCE-5208 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-5208 > Project: Hadoop Map/Reduce > Issue Type: Bug > Reporter: Omkar Vinit Joshi > Assignee: Omkar Vinit Joshi > Fix For: 2.0.5-beta > > Attachments: MAPREDUCE-5208-20130506.patch, > MAPREDUCE-5208-20130507.patch, MAPREDUCE-5208.20130510.patch > > > ShuffleHandler (map output file) and SpillRecord (index file) are reading > file using unsecured input stream. There exists a possibility for symlink > attack. related to YARN-578 . Creating this issue to track map reduce changes. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira