Date: Sat, 6 Jan 2018 00:13:00 +0000 (UTC)
From: "Eric Yang (JIRA)"
To: common-issues@hadoop.apache.org
Subject: [jira] [Created] (HADOOP-15162) UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE

Eric Yang created HADOOP-15162:
----------------------------------

             Summary: UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE
                 Key: HADOOP-15162
                 URL: https://issues.apache.org/jira/browse/HADOOP-15162
             Project: Hadoop Common
          Issue Type: Bug
          Components: security
            Reporter: Eric Yang

{{UserGroupInformation.createRemoteUser(String user)}} has its authentication method hard-coded to SIMPLE by HADOOP-10683. This bypasses the proxyuser ACL check and the isSecurityEnabled check, and allows the caller to impersonate anyone. This method could be abused in the main code base, which can cause parts of Hadoop to become insecure, without a proxyuser check, in both SIMPLE and Kerberos-enabled environments.
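As an added example (not part of the original message and not Hadoop's own code), the sketch below contrasts the call described in the report with the proxy-user path that enforces the `hadoop.proxyuser.*` ACL. The class `ImpersonationGate`, its method names, and the sample user and address are assumptions for illustration; the login user stands in for the authenticated caller.

```java
import java.io.IOException;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.ProxyUsers;

/** Hypothetical service-side helper; names are illustrative, not from Hadoop. */
public class ImpersonationGate {

  /** The call the report describes: no proxyuser ACL is consulted here. */
  static UserGroupInformation unchecked(String requestedUser) {
    return UserGroupInformation.createRemoteUser(requestedUser);
  }

  /**
   * Checked variant: the requested identity is tied to the authenticated
   * caller, and the caller must pass the proxyuser ACL for this address.
   */
  static UserGroupInformation checked(UserGroupInformation authenticatedCaller,
      String requestedUser, String remoteAddr) throws IOException {
    UserGroupInformation proxy =
        UserGroupInformation.createProxyUser(requestedUser, authenticatedCaller);
    // Throws AuthorizationException unless hadoop.proxyuser.<caller>.hosts
    // and .groups/.users permit this impersonation.
    ProxyUsers.authorize(proxy, remoteAddr);
    return proxy;
  }

  public static void main(String[] args) throws Exception {
    // Constructed setup: empty configuration, so no hadoop.proxyuser.* entries.
    Configuration conf = new Configuration();
    ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

    UserGroupInformation u = unchecked("hdfs");
    System.out.println(u.getUserName() + " auth=" + u.getAuthenticationMethod()
        + " realUser=" + u.getRealUser());

    // Stand-in for the caller identity a real service takes from its RPC/HTTP layer.
    UserGroupInformation caller = UserGroupInformation.getLoginUser();
    try {
      checked(caller, "hdfs", "127.0.0.1");
      System.out.println("impersonation allowed");
    } catch (AuthorizationException e) {
      System.out.println("impersonation denied: " + e.getMessage());
    }
  }
}
```

When auditing a code base for the pattern in this report, call sites of `createRemoteUser` whose argument comes from request data are the ones to check for a missing `ProxyUsers.authorize` step.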