hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Palleti, Pallavi" <pallavi.pall...@corp.aol.com>
Subject RE: Remote access to cluster with superuser privileges from untrusted IPs
Date Mon, 03 Aug 2009 03:54:15 GMT
Can someone kindly let me know whether any work is happening in this
regard. If not, I would like to add a patch which might be useful for
many.

Thanks
Pallavi

-----Original Message-----
From: Palleti, Pallavi [mailto:pallavi.palleti@corp.aol.com] 
Sent: Friday, July 31, 2009 12:20 PM
To: common-dev@hadoop.apache.org
Subject: Remote access to cluster with superuser privileges from
untrusted IPs

Hi all,

 

We are using hadoop-0.18.2 in our cluster and figured out that there is
a security flaw in current hadoop code as it don't check the
authentication of user. This would let any person to access cluster as
super user once the details like super user name and the configuration
details are known. I tried to solve this issue by allowing super user
access only from some specified IP Range. This would at least block
remote super user access from untrusted IP Addresses. 

 

I have modified the code accordingly in Server.java code. I would like
to add it as a patch so that it can be useful for others. However, when
I looked at the trunk code, I could see that there is some work related
to it is happening but am not sure. Especially, there is some code at
Server.java which throws PrivilegedActionException for untrusted user I
believe. Can someone kindly clarify if it is written for the same
purpose? If not, kindly suggest the version I should use to create a
patch so that it can be useful for many.

 

Thanks

Pallavi


Mime
View raw message