hadoop-common-dev mailing list archives

From "Palleti, Pallavi" <pallavi.pall...@corp.aol.com>
Subject Remote access to cluster with superuser privileges from untrusted IPs
Date Fri, 31 Jul 2009 06:50:02 GMT
Hi all,


We are using hadoop-0.18.2 in our cluster and figured out that there is
a security flaw in the current Hadoop code, as it doesn't check the
authentication of the user. This would let any person access the cluster
as super user once details like the super user name and the configuration
details are known. I tried to solve this issue by allowing super user
access only from some specified IP range. This would at least block
remote super user access from untrusted IP addresses.


I have modified the code accordingly in the Server.java code. I would like
to add it as a patch so that it can be useful for others. However, when
I looked at the trunk code, I could see that there is some work related
to it happening, but I am not sure. Especially, there is some code in
Server.java which throws PrivilegedActionException for an untrusted user, I
believe. Can someone kindly clarify if it is written for the same
purpose? If not, kindly suggest the version I should use to create a
patch so that it can be useful for many.
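
The source-address restriction described in the message, as an added example that is not the poster's patch and not Hadoop code: the class name, the superuser name "hadoop" and the trusted range are assumptions, and the sample addresses are constructed. It narrows where the superuser name can be claimed from; it does not authenticate the caller.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.List;

/** Hypothetical helper: gate the superuser name on the caller's source address. */
public class SuperuserSourceCheck {
    private final String superuser;          // assumed: name of the cluster superuser
    private final List<String> trustedCidrs; // assumed: admin-supplied ranges in CIDR form

    public SuperuserSourceCheck(String superuser, List<String> trustedCidrs) {
        this.superuser = superuser;
        this.trustedCidrs = trustedCidrs;
    }

    /** True if addr lies inside cidr; an IPv4 address never matches an IPv6 range. */
    static boolean inCidr(InetAddress addr, String cidr) throws UnknownHostException {
        String[] parts = cidr.split("/");
        byte[] net = InetAddress.getByName(parts[0]).getAddress();
        byte[] ip = addr.getAddress();
        if (net.length != ip.length) return false;
        int prefix = Integer.parseInt(parts[1]);
        if (prefix < 0 || prefix > net.length * 8) throw new IllegalArgumentException(cidr);
        // Compare whole bytes first, then the remaining high bits of the last byte.
        for (int i = 0; i < net.length && prefix > 0; i++, prefix -= 8) {
            int mask = prefix >= 8 ? 0xFF : (0xFF << (8 - prefix)) & 0xFF;
            if ((net[i] & mask) != (ip[i] & mask)) return false;
        }
        return true;
    }

    /** Ordinary users pass through; the claimed superuser must come from a trusted range. */
    public boolean isAllowed(String claimedUser, InetAddress remote) throws UnknownHostException {
        if (!superuser.equals(claimedUser)) return true;
        for (String cidr : trustedCidrs) {
            if (inCidr(remote, cidr)) return true;
        }
        return false; // default deny for the superuser name
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: a private range as trusted, a documentation range as untrusted.
        SuperuserSourceCheck check =
            new SuperuserSourceCheck("hadoop", Arrays.asList("10.1.0.0/16"));
        System.out.println(check.isAllowed("hadoop", InetAddress.getByName("10.1.4.7")));
        System.out.println(check.isAllowed("hadoop", InetAddress.getByName("203.0.113.9")));
        System.out.println(check.isAllowed("alice", InetAddress.getByName("203.0.113.9")));
    }
}
```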



