[ 
https://issues.apache.org/jira/browse/HADOOP-15162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16316581#comment-16316581
 ] 

Daryn Sharp commented on HADOOP-15162:
--------------------------------------

Unless I'm misunderstanding the description, this appears to be conjecture.

bq. This bypassed proxyuser ACL check, isSecurityEnabled check, and allow 
caller to impersonate as anyone.
No, isSecurityEnabled is dictated by the conf, not the auth method of a ugi 
instance. 

bq. [...] which can cause part of Hadoop to become insecure without proxyuser 
check for both SIMPLE or Kerberos enabled environment.
Assuming it's an RPC or HttpServer, no, the proxyuser ACL is always applied when 
the ugi is anything but token, i.e. simple or kerberos.  If it's token, a proxy 
request is rejected (can't impersonate when already impersonating).

If you have a specific risk case, please take it up on the security list.  
Don't irresponsibly post publicly.





> UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE
> ------------------------------------------------------------------------------
>
>                 Key: HADOOP-15162
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15162
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Eric Yang
>
> {{UserGroupInformation.createRemoteUser(String user)}} hardcodes the 
> authentication method to SIMPLE since HADOOP-10683.  This bypasses the proxyuser 
> ACL check and the isSecurityEnabled check, and allows the caller to impersonate 
> anyone.  This method could be abused in the main code base, which can cause 
> part of Hadoop to become insecure without a proxyuser check in both SIMPLE and 
> Kerberos enabled environments.



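The point in Daryn's comment above is that the proxyuser ACL is enforced on the proxy ugi itself, regardless of whether the real user's ugi was built by createRemoteUser (auth method SIMPLE) or came in over Kerberos. The following is an added example, not code from the Hadoop code base or from anyone on this thread, showing that check in isolation with the public ProxyUsers API. It assumes hadoop-common on the classpath; the superuser name "svc-gateway", the users "alice" and "bob", and the client addresses are constructed for the example. It uses the hadoop.proxyuser.<superuser>.users / .hosts keys so the result does not depend on the test machine's group mapping.

```java
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.ProxyUsers;

public class ProxyUserAclDemo {
    // Constructed names for this example; not from the issue or the code base.
    static final String SUPERUSER   = "svc-gateway";
    static final String ALLOWED_ADDR = "10.0.0.5";

    /**
     * Build a SIMPLE-auth real user with createRemoteUser (exactly what the
     * issue is about), wrap it in a proxy ugi for proxiedUser, and ask the
     * proxyuser ACL whether that impersonation is permitted from addr.
     * Returns true only if ProxyUsers.authorize does not throw.
     */
    static boolean isImpersonationAllowed(String realUser, String proxiedUser, String addr) {
        UserGroupInformation real  = UserGroupInformation.createRemoteUser(realUser);
        UserGroupInformation proxy = UserGroupInformation.createProxyUser(proxiedUser, real);
        try {
            // The ACL is keyed on proxy.getRealUser(), not on the auth method.
            ProxyUsers.authorize(proxy, addr);
            return true;
        } catch (AuthorizationException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        Configuration conf = new Configuration();
        // svc-gateway may impersonate only "alice", and only from ALLOWED_ADDR.
        conf.set("hadoop.proxyuser." + SUPERUSER + ".users", "alice");
        conf.set("hadoop.proxyuser." + SUPERUSER + ".hosts", ALLOWED_ADDR);
        ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

        // Permitted: configured superuser, configured target, configured host.
        System.out.println(isImpersonationAllowed(SUPERUSER, "alice", ALLOWED_ADDR));  // true
        // Denied: target user not in the .users list.
        System.out.println(isImpersonationAllowed(SUPERUSER, "bob", ALLOWED_ADDR));    // false
        // Denied: host not in the .hosts list.
        System.out.println(isImpersonationAllowed(SUPERUSER, "alice", "10.0.0.9"));    // false
        // Denied: a real user with no proxyuser entries at all, even though its
        // ugi was created with createRemoteUser and carries SIMPLE auth.
        System.out.println(isImpersonationAllowed("mallory", "alice", ALLOWED_ADDR));  // false
    }
}
```

What this does not cover is the separate rule Daryn mentions for token-authenticated callers: the rejection of a proxy request when the incoming ugi's auth method is already TOKEN happens in the RPC server's connection handling, not in ProxyUsers.authorize, so it is not reproduced here.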
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
