hadoop-hdfs-issues mailing list archives

From "Purvesh Patel (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-8736) ability to deny access to HDFS filesystems
Date Tue, 14 Jul 2015 15:17:05 GMT

    [ https://issues.apache.org/jira/browse/HDFS-8736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14626463#comment-14626463 ]

Purvesh Patel commented on HDFS-8736:
-------------------------------------

There is a little confusion in the description of the issue. This patch is introduced to prevent
untrusted user code from accessing HDFS, not the local file system. It's written in such
a way as to potentially enable it to be used to block access to any type of FileSystem, with
the caveat that you'd need to also guard against users trying to instantiate the file system
implementation directly using other permissions.

Additional permission to prevent users from getting access to instances of the HDFS FileSystem
that were created when the user code was off-stack and that have pre-cached network connections.

> ability to deny access to HDFS filesystems
> ------------------------------------------
>
>                 Key: HDFS-8736
>                 URL: https://issues.apache.org/jira/browse/HDFS-8736
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.5.0
>            Reporter: Purvesh Patel
>            Priority: Minor
>              Labels: security
>         Attachments: HDFS-8736-1.patch
>
>
> In order to run in a secure context, ability to deny access to different filesystems (specifically
> the local file system) to non-trusted code this patch adds a new SecurityPermission class (AccessFileSystemPermission)
> and checks the permission in FileSystem#get before returning a cached file system or creating
> a new one. Please see attached patch.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
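
The check described in this message (a permission tested in FileSystem#get before a cached or new file system is returned), as an added sketch that is not taken from HDFS-8736-1.patch or from Hadoop. The shape of AccessFileSystemPermission, the Fs class, get, contextWith and the host name are assumptions, and the caller's context is passed explicitly here instead of being read from the call stack by a SecurityManager. Written for Java 8; the AccessControlContext API is deprecated in Java 17 and later.

```java
import java.net.URI;
import java.security.*;
import java.util.HashMap;
import java.util.Map;

public class FsPermissionSketch {
    // Assumed shape: a named permission whose name is the URI scheme being requested.
    static final class AccessFileSystemPermission extends BasicPermission {
        AccessFileSystemPermission(String scheme) { super(scheme); }
    }

    // Hypothetical stand-in for a FileSystem instance holding a live connection.
    static final class Fs { final URI uri; Fs(URI uri) { this.uri = uri; } }

    static final Map<String, Fs> CACHE = new HashMap<>();

    // The permission is checked before the cache lookup, so an instance that
    // trusted code cached earlier is not handed to a caller lacking the permission.
    // Caveat from the message: code that can call `new Fs(uri)` itself skips this gate.
    static Fs get(URI uri, AccessControlContext caller) {
        caller.checkPermission(new AccessFileSystemPermission(uri.getScheme()));
        String key = uri.getScheme() + "://" + uri.getAuthority();
        return CACHE.computeIfAbsent(key, k -> new Fs(uri));
    }

    // Builds a context whose single protection domain holds exactly the given permissions.
    static AccessControlContext contextWith(Permission... granted) {
        Permissions perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        return new AccessControlContext(
            new ProtectionDomain[] { new ProtectionDomain(null, perms) });
    }

    public static void main(String[] args) {
        URI hdfs = URI.create("hdfs://namenode.example:8020/"); // constructed sample URI
        AccessControlContext trusted = contextWith(new AccessFileSystemPermission("hdfs"));
        AccessControlContext untrusted = contextWith(new AccessFileSystemPermission("file"));

        System.out.println("trusted: " + get(hdfs, trusted).uri); // populates the cache
        try {
            get(hdfs, untrusted); // same URI, already cached, still refused
            System.out.println("untrusted: allowed (unexpected)");
        } catch (AccessControlException e) {
            System.out.println("untrusted: denied, " + e.getPermission());
        }
    }
}
```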
