[
https://issues.apache.org/jira/browse/HADOOP-15162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16317414#comment-16317414
]
Daryn Sharp commented on HADOOP-15162:
--------------------------------------
bq. In summary, proxy user ACL should be checked for simple security instead of
reliance on isSecurityEnabled().
As stated earlier, proxy privs are always checked for non-token connections.
bq. isSecurityEnabled( gives a false sense that proxy user ACL shouldn't be
checked which leading to use of
UserGroupInformation.createRemoteUser(remoteUser) in server code, which is a
bad practice for not verifying the credential of current server user.
It's not bad practice for a server to use createRemoteUser – that's why it
exists. What does "verifying the credential of current server user" mean when
security is disabled and there are no credentials?
> UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE
> ------------------------------------------------------------------------------
>
> Key: HADOOP-15162
> URL: https://issues.apache.org/jira/browse/HADOOP-15162
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Reporter: Eric Yang
>
> {{UserGroupInformation.createRemoteUser(String user)}} is hard coded
> Authentication method to SIMPLE by HADOOP-10683. This by passed proxyuser
> ACL check, isSecurityEnabled check, and allow caller to impersonate as
> anyone. This method could be abused in the main code base, which can cause
> part of Hadoop to become insecure without proxyuser check for both SIMPLE or
> Kerberos enabled environment.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
