hadoop-hdfs-issues mailing list archives

From "Steve Loughran (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-8736) ability to deny access to HDFS filesystems
Date Tue, 14 Jul 2015 17:28:09 GMT

    [ https://issues.apache.org/jira/browse/HDFS-8736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14626713#comment-14626713 ]

Steve Loughran commented on HDFS-8736:
--------------------------------------

You will also need to guard against untrusted code trying to open a network port and talking
to Hadoop direct, and doing the same for WebHDFS. Given a socket and sufficient code, I can
talk to an HDFS filesystem.

There is a well-defined way to stop untrusted code talking to HDFS: it is called Kerberos.
Yes, we all hate it. Yes, we all fear it. Yes, none of us understand it properly. But we know
that it does lock things down so that not only are untrusted applications forbidden access,
the caller gets the specific rights associated with the identity of the user making the operation.

(There's also a little detail of that patch still being un-applicable, but that's a detail
here).

As I stated on the related MR JIRA, file an uber-JIRA where the whole aspect of running Hadoop
(client?) in a sandbox can be discussed, rather than piece-by-piece patches which will probably
get rejected on a case-by-case basis.

> ability to deny access to HDFS filesystems
> ------------------------------------------
>
>                 Key: HDFS-8736
>                 URL: https://issues.apache.org/jira/browse/HDFS-8736
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.5.0
>            Reporter: Purvesh Patel
>            Priority: Minor
>              Labels: security
>         Attachments: HDFS-8736-1.patch
>
>
> In order to run in a secure context, ability to deny access to different filesystems (specifically
> the local file system) to non-trusted code this patch adds a new SecurityPermission class (AccessFileSystemPermission)
> and checks the permission in FileSystem#get before returning a cached file system or creating
> a new one. Please see attached patch.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
