hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kihwal Lee (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-11069) Tighten the authorization of datanode RPC
Date Thu, 27 Oct 2016 15:50:58 GMT
Kihwal Lee created HDFS-11069:
---------------------------------

             Summary: Tighten the authorization of datanode RPC
                 Key: HDFS-11069
                 URL: https://issues.apache.org/jira/browse/HDFS-11069
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: datanode, security
            Reporter: Kihwal Lee


The current implementation of {{checkSuperuserPrivilege()}} allows the datanode user from
any node to be recognized as a super user.  If one datanode is compromised, the intruder can
issue {{shutdownDatanode()}}, {{evictWriters()}}, {{triggerBlockReport()}}, etc. against all
other datanodes.

This needs to be tightened to allow only the local datanode user.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message