hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-11053) Unnecessary superuser check in versionRequest()
Date Wed, 26 Oct 2016 14:05:59 GMT

    [ https://issues.apache.org/jira/browse/HDFS-11053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15608543#comment-15608543
] 

Daryn Sharp commented on HDFS-11053:
------------------------------------

+1 Good change for secure setups.  I checked the jira that added the line and it appeared
to just be a blanket change to a protocol interface, not necessarily intended.

> Unnecessary superuser check in versionRequest()
> -----------------------------------------------
>
>                 Key: HDFS-11053
>                 URL: https://issues.apache.org/jira/browse/HDFS-11053
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode, security
>            Reporter: Kihwal Lee
>            Assignee: Kihwal Lee
>         Attachments: HDFS-11053.patch
>
>
> The {{versionRequest()}} call does not return any sensitive information.  It is mainly
used for sanity checks.   The presence of {{checkSuperuserPrivilege()}} forces users to run
datanode as a hdfs superuser.
> In secure setup, a keytab obtained from a compromised datanode can allow the intruder
to gain hdfs superuser privilege.  We should allow datanodes to be run as non-hdfs-superuser
by removing {{checkSuperuserPrivilege()}} from {{versionRequest()}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message