hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-12579) Deprecate and remove WriteableRPCEngine
Date Wed, 13 Jan 2016 11:58:40 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-12579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15096074#comment-15096074
] 

Kai Zheng commented on HADOOP-12579:
------------------------------------

bq. get rid of the "wrapper objects" that we manually create ...
Did you mean the protocol buffer service translator stuffs like {{ClientDatanodeProtocolServerSideTranslatorPB}}
and the related? If so, I guess the incurred overhead would be the added layer and additional
call. For types involved in the RPC calling request and response, we still need convert back
and forth between normal Java types and protocol buffer types for convenience, like even in
HBase, because sometimes protocol buffer types would look intrusive to pass down and use.
Sorry if I misunderstood your point.

If just removes the old RPC engine, my quick trying looks like the involved change isn't big
and the risk looks acceptable. Sure servers won't accept requests using the old RPC version
from old clients.

> Deprecate and remove WriteableRPCEngine
> ---------------------------------------
>
>                 Key: HADOOP-12579
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12579
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Haohui Mai
>
> The {{WriteableRPCEninge}} depends on Java's serialization mechanisms for RPC requests.
Without proper checks, it has be shown that it can lead to security vulnerabilities such as
remote code execution (e.g., COLLECTIONS-580, HADOOP-12577).
> The current implementation has migrated from {{WriteableRPCEngine}} to {{ProtobufRPCEngine}}
now. This jira proposes to deprecate {{WriteableRPCEngine}} in branch-2 and to remove it in
trunk.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message