hadoop-common-issues mailing list archives

From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-15162) UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE
Date Mon, 08 Jan 2018 16:57:00 GMT

[ https://issues.apache.org/jira/browse/HADOOP-15162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16316581#comment-16316581 ]

Daryn Sharp commented on HADOOP-15162:
--------------------------------------

Unless I'm misunderstanding the description, this appears to be conjecture.

bq. This bypassed proxyuser ACL check, isSecurityEnabled check, and allows the caller to impersonate as anyone.
No, isSecurityEnabled is dictated by the conf, not the auth method of a ugi instance.

bq. [...] which can cause part of Hadoop to become insecure without proxyuser check for both SIMPLE and Kerberos enabled environments.
Assuming it's an RPC or HttpServer, no, the proxyuser ACL is always applied when the ugi is anything but token, i.e. simple or kerberos. If it's token, a proxy request is rejected (can't impersonate when already impersonating).

If you have a specific risk case, please take it up on the security list. Don't irresponsibly post publicly.





> UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE
> ------------------------------------------------------------------------------
>
>                 Key: HADOOP-15162
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15162
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Eric Yang
>
> {{UserGroupInformation.createRemoteUser(String user)}} hard-codes the authentication method to SIMPLE since HADOOP-10683. This bypassed the proxyuser ACL check and the isSecurityEnabled check, and allows the caller to impersonate anyone. This method could be abused in the main code base, which can cause part of Hadoop to become insecure without a proxyuser check in both SIMPLE and Kerberos enabled environments.
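The authorization path Daryn describes, as a constructed model added here (not Hadoop's own code): security mode comes from configuration rather than the ugi, SIMPLE and KERBEROS callers always pass through the proxyuser ACL, and a TOKEN caller cannot proxy at all. The names `AuthMethod`, `ProxyUserAcl` and `authorize_proxy_request` are hypothetical; the `hadoop.security.authentication` key is the real Hadoop setting.

```python
"""Constructed model of proxyuser handling by auth method; not Hadoop code."""
from enum import Enum


class AuthMethod(Enum):          # hypothetical stand-in for UGI's auth method
    SIMPLE = "simple"
    KERBEROS = "kerberos"
    TOKEN = "token"


class ProxyUserAcl:
    """Maps a real (proxying) user to the effective users it may impersonate."""

    def __init__(self, allowed):
        self._allowed = {real: set(users) for real, users in allowed.items()}

    def allows(self, real_user, effective_user):
        return effective_user in self._allowed.get(real_user, set())


def is_security_enabled(conf):
    # Dictated by configuration alone, never by a ugi instance's auth method.
    return conf.get("hadoop.security.authentication", "simple") == "kerberos"


def authorize_proxy_request(auth_method, real_user, effective_user, acl):
    """Return (allowed, reason) when real_user asks to act as effective_user."""
    if real_user == effective_user:
        return True, "not a proxy request"
    if auth_method is AuthMethod.TOKEN:
        # A token already carries an identity: no impersonation on top of it.
        return False, "cannot impersonate when already impersonating"
    # SIMPLE and KERBEROS both go through the proxyuser ACL, no exceptions.
    if acl.allows(real_user, effective_user):
        return True, "proxyuser ACL permits"
    return False, "proxyuser ACL denies"


if __name__ == "__main__":
    # Constructed ACL: only "oozie" may impersonate "alice".
    acl = ProxyUserAcl({"oozie": ["alice"]})
    for method in AuthMethod:
        for real, eff in (("oozie", "alice"), ("mallory", "alice")):
            print(method.value, real, "->", eff, authorize_proxy_request(method, real, eff, acl))
```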





