hadoop-common-dev mailing list archives

From Dhruba Borthakur <dhr...@gmail.com>
Subject Re: Remote access to cluster with superuser privileges from untrusted IPs
Date Mon, 03 Aug 2009 06:15:15 GMT
A lot of security-related JIRAs are linked to
http://issues.apache.org/jira/browse/HADOOP-4487

thanks,
dhruba


On Sun, Aug 2, 2009 at 10:36 PM, Palleti, Pallavi <
pallavi.palleti@corp.aol.com> wrote:

> Thanks Dhruba. I will do that. Also, could you refer me to any
> documentation/link regarding any work happening in this regard? I would
> be interested in participating/contributing in it.
>
> Thanks
> Pallavi
>
> -----Original Message-----
> From: Dhruba Borthakur [mailto:dhruba@gmail.com]
> Sent: Monday, August 03, 2009 10:59 AM
> To: common-dev@hadoop.apache.org
> Subject: Re: Remote access to cluster with superuser privileges from
> untrusted IPs
>
> Hi Pallavi,
>
> You are always welcome to post your code as a patch to a JIRA. Even if it
> does not get committed to the Hadoop code base, you can always refer
> people to your patch in the JIRA and ask them to use it.
>
> thanks,
> dhruba
>
> On Sun, Aug 2, 2009 at 8:54 PM, Palleti, Pallavi <
> pallavi.palleti@corp.aol.com> wrote:
>
> > Can someone kindly let me know whether any work is happening in this
> > regard. If not, I would like to add a patch which might be useful for
> > many.
> >
> > Thanks
> > Pallavi
> >
> > -----Original Message-----
> > From: Palleti, Pallavi [mailto:pallavi.palleti@corp.aol.com]
> > Sent: Friday, July 31, 2009 12:20 PM
> > To: common-dev@hadoop.apache.org
> > Subject: Remote access to cluster with superuser privileges from
> > untrusted IPs
> >
> > Hi all,
> >
> >
> >
> > We are using hadoop-0.18.2 in our cluster and figured out that there is
> > a security flaw in the current hadoop code, as it doesn't check the
> > authentication of the user. This would let any person access the cluster as
> > super user once the details like super user name and the configuration
> > details are known. I tried to solve this issue by allowing super user
> > access only from some specified IP range. This would at least block
> > remote super user access from untrusted IP addresses.
> >
> >
> >
> > I have modified the code accordingly in the Server.java code. I would like
> > to add it as a patch so that it can be useful for others. However, when
> > I looked at the trunk code, I could see that there is some work related
> > to it happening, but I am not sure. Especially, there is some code in
> > Server.java which throws PrivilegedActionException for an untrusted user, I
> > believe. Can someone kindly clarify if it is written for the same
> > purpose? If not, kindly suggest the version I should use to create a
> > patch so that it can be useful for many.
> >
> >
> >
> > Thanks
> >
> > Pallavi
> >
> >
>
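
The source-IP restriction described in the original post, sketched as an added example: this is not the patch from the thread and not Hadoop's Server.java code, and the class name, superuser name and CIDR ranges are assumptions. The check only limits where a client-asserted superuser name is accepted from; it does not authenticate the user.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;

// Hypothetical helper, not Hadoop's Server.java: gate a client-asserted superuser name on source IP.
public class SuperuserSourceCheck {
    private final String superuser;          // assumed name of the cluster superuser account
    private final List<String> trustedCidrs; // e.g. "10.1.0.0/16"

    public SuperuserSourceCheck(String superuser, List<String> trustedCidrs) {
        this.superuser = superuser;
        this.trustedCidrs = trustedCidrs;
    }

    // True when the address falls inside the CIDR block (IPv4 or IPv6 literals, so no DNS lookups).
    static boolean inCidr(InetAddress addr, String cidr) throws UnknownHostException {
        String[] parts = cidr.split("/");
        if (parts.length != 2) return false;
        byte[] net = InetAddress.getByName(parts[0]).getAddress();
        byte[] ip = addr.getAddress();
        int prefix = Integer.parseInt(parts[1]);
        // Reject mixed address families and out-of-range prefix lengths.
        if (net.length != ip.length || prefix < 0 || prefix > net.length * 8) return false;
        for (int bit = 0; bit < prefix; bit++) {
            int mask = 0x80 >> (bit % 8);
            if ((net[bit / 8] & mask) != (ip[bit / 8] & mask)) return false;
        }
        return true;
    }

    // Other user names pass through unchanged; the superuser name is accepted only from trusted ranges.
    public boolean allow(String claimedUser, InetAddress remote) throws UnknownHostException {
        if (!superuser.equals(claimedUser)) return true;
        for (String cidr : trustedCidrs) {
            if (inCidr(remote, cidr)) return true;
        }
        return false;
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample values.
        SuperuserSourceCheck check =
            new SuperuserSourceCheck("hadoop", List.of("10.1.0.0/16", "192.168.5.0/24"));
        System.out.println(check.allow("hadoop", InetAddress.getByName("10.1.7.20")));   // inside 10.1.0.0/16
        System.out.println(check.allow("hadoop", InetAddress.getByName("203.0.113.9"))); // outside both ranges
        System.out.println(check.allow("alice", InetAddress.getByName("203.0.113.9")));  // not the superuser name
    }
}
```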
