[
https://issues.apache.org/jira/browse/HADOOP-12579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15096074#comment-15096074
]
Kai Zheng commented on HADOOP-12579:
------------------------------------
bq. get rid of the "wrapper objects" that we manually create ...
Did you mean the protocol buffer service translator stuffs like
{{ClientDatanodeProtocolServerSideTranslatorPB}} and the related? If so, I
guess the incurred overhead would be the added layer and additional call. For
types involved in the RPC calling request and response, we still need convert
back and forth between normal Java types and protocol buffer types for
convenience, like even in HBase, because sometimes protocol buffer types would
look intrusive to pass down and use. Sorry if I misunderstood your point.
If just removes the old RPC engine, my quick trying looks like the involved
change isn't big and the risk looks acceptable. Sure servers won't accept
requests using the old RPC version from old clients.
> Deprecate and remove WriteableRPCEngine
> ---------------------------------------
>
> Key: HADOOP-12579
> URL: https://issues.apache.org/jira/browse/HADOOP-12579
> Project: Hadoop Common
> Issue Type: Improvement
> Reporter: Haohui Mai
>
> The {{WriteableRPCEninge}} depends on Java's serialization mechanisms for RPC
> requests. Without proper checks, it has be shown that it can lead to security
> vulnerabilities such as remote code execution (e.g., COLLECTIONS-580,
> HADOOP-12577).
> The current implementation has migrated from {{WriteableRPCEngine}} to
> {{ProtobufRPCEngine}} now. This jira proposes to deprecate
> {{WriteableRPCEngine}} in branch-2 and to remove it in trunk.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
