hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-11069) Tighten the authorization of datanode RPC
Date Thu, 27 Oct 2016 19:54:58 GMT

    [ https://issues.apache.org/jira/browse/HDFS-11069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15613018#comment-15613018

Hudson commented on HDFS-11069:

SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #10708 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/10708/])
HDFS-11069. Tighten the authorization of datanode RPC. Contributed by (kihwal: rev ae48c496dce8d0eae4571fc64e6850d602bae688)
* (edit) hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DataNode.java

> Tighten the authorization of datanode RPC
> -----------------------------------------
>                 Key: HDFS-11069
>                 URL: https://issues.apache.org/jira/browse/HDFS-11069
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: datanode, security
>            Reporter: Kihwal Lee
>            Assignee: Kihwal Lee
>             Fix For: 2.7.4, 3.0.0-alpha2
>         Attachments: HDFS-11069.patch
> The current implementation of {{checkSuperuserPrivilege()}} allows the datanode user
from any node to be recognized as a super user.  If one datanode is compromised, the intruder
can issue {{shutdownDatanode()}}, {{evictWriters()}}, {{triggerBlockReport()}}, etc. against
all other datanodes. Although this does not expose stored data, it can cause service disruptions.
> This needs to be tightened to allow only the local datanode user.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org

View raw message