hadoop-common-dev mailing list archives

From Dhruba Borthakur <dhr...@gmail.com>
Subject Re: Remote access to cluster with superuser privileges from untrusted IPs
Date Mon, 03 Aug 2009 05:29:29 GMT
Hi Pallavi,

You are always welcome to post your code as a patch to a JIRA. Even if it
does not get committed to the Hadoop code base, you can always refer people
to your patch in the JIRA and ask them to use it.

thanks,
dhruba

On Sun, Aug 2, 2009 at 8:54 PM, Palleti, Pallavi <
pallavi.palleti@corp.aol.com> wrote:

> Can someone kindly let me know whether any work is happening in this
> regard. If not, I would like to add a patch which might be useful for
> many.
>
> Thanks
> Pallavi
>
> -----Original Message-----
> From: Palleti, Pallavi [mailto:pallavi.palleti@corp.aol.com]
> Sent: Friday, July 31, 2009 12:20 PM
> To: common-dev@hadoop.apache.org
> Subject: Remote access to cluster with superuser privileges from
> untrusted IPs
>
> Hi all,
>
>
>
> We are using hadoop-0.18.2 in our cluster and figured out that there is
> a security flaw in current hadoop code as it doesn't check the
> authentication of user. This would let any person access the cluster as
> super user once the details like super user name and the configuration
> details are known. I tried to solve this issue by allowing super user
> access only from some specified IP Range. This would at least block
> remote super user access from untrusted IP Addresses.
>
>
>
> I have modified the code accordingly in Server.java code. I would like
> to add it as a patch so that it can be useful for others. However, when
> I looked at the trunk code, I could see that some work related
> to it is happening, but I am not sure. Especially, there is some code at
> Server.java which throws PrivilegedActionException for untrusted user I
> believe. Can someone kindly clarify if it is written for the same
> purpose? If not, kindly suggest the version I should use to create a
> patch so that it can be useful for many.
>
>
>
> Thanks
>
> Pallavi
>
>
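
Added example, not part of the original thread and not Hadoop's or the poster's code: a Java sketch of the source-address restriction the original message describes, where a call that claims the superuser name is accepted only from configured IP ranges. The class name `SuperuserIpGate`, the user name and the address ranges are assumptions; the check narrows where the claimed name is accepted from and does not authenticate the caller.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper (not Hadoop code): gate superuser calls by client address. */
public class SuperuserIpGate {
    private final String superuser;
    private final List<byte[]> networks = new ArrayList<>();
    private final List<Integer> prefixLengths = new ArrayList<>();

    public SuperuserIpGate(String superuser, String... cidrs) throws UnknownHostException {
        this.superuser = superuser;
        for (String cidr : cidrs) {
            String[] parts = cidr.split("/");
            if (parts.length != 2) throw new IllegalArgumentException("expected address/prefix: " + cidr);
            byte[] net = InetAddress.getByName(parts[0]).getAddress(); // IP literal, so no DNS lookup
            int prefix = Integer.parseInt(parts[1]);
            if (prefix < 0 || prefix > net.length * 8) throw new IllegalArgumentException("bad prefix: " + cidr);
            networks.add(net);
            prefixLengths.add(prefix);
        }
    }

    /** Non-superuser names pass through; the superuser name needs an allowed source address. */
    public boolean permits(String claimedUser, InetAddress remote) {
        if (!superuser.equals(claimedUser)) return true;
        byte[] addr = remote.getAddress();
        for (int i = 0; i < networks.size(); i++) {
            if (matches(addr, networks.get(i), prefixLengths.get(i))) return true;
        }
        return false; // fail closed: no matching range means no superuser access
    }

    private static boolean matches(byte[] addr, byte[] net, int prefix) {
        if (addr.length != net.length) return false; // IPv4 address against IPv6 range or vice versa
        int fullBytes = prefix / 8, rest = prefix % 8;
        for (int i = 0; i < fullBytes; i++) if (addr[i] != net[i]) return false;
        if (rest == 0) return true;
        int mask = (0xFF << (8 - rest)) & 0xFF; // high-order bits of the partial byte
        return (addr[fullBytes] & mask) == (net[fullBytes] & mask);
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample values: the user name and ranges are placeholders.
        SuperuserIpGate gate = new SuperuserIpGate("hadoop", "10.1.0.0/16", "192.168.5.0/24");
        System.out.println(gate.permits("hadoop", InetAddress.getByName("10.1.7.9")));
        System.out.println(gate.permits("hadoop", InetAddress.getByName("203.0.113.4")));
        System.out.println(gate.permits("alice", InetAddress.getByName("203.0.113.4")));
    }
}
```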
