[
https://issues.apache.org/jira/browse/HDFS-8736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14626633#comment-14626633
]
Allen Wittenauer commented on HDFS-8736:
----------------------------------------
Trying to solve server security problems from the client side never works.
bq. with the caveat that you'd need to also guard against users trying to
instantiate the file system implementation directly using other permissions.
... which is nearly impossible. There's not a lot of work here to do exactly
that:
    java -Dfs.hdfs.impl=myclass
or
    java -Dfs.s3.impl=DistributedFileSystem
or whatever
Now what?
> ability to deny access to HDFS filesystems
> ------------------------------------------
>
> Key: HDFS-8736
> URL: https://issues.apache.org/jira/browse/HDFS-8736
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.5.0
> Reporter: Purvesh Patel
> Priority: Minor
> Labels: security
> Attachments: HDFS-8736-1.patch
>
>
> In order to run in a secure context with the ability to deny access to
> different filesystems (specifically the local file system) to non-trusted
> code, this patch adds a new SecurityPermission class
> (AccessFileSystemPermission) and checks the permission in FileSystem#get
> before returning a cached file system or creating a new one. Please see
> attached patch.