[
https://issues.apache.org/jira/browse/HDFS-11069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16147586#comment-16147586
]
Kihwal Lee commented on HDFS-11069:
-----------------------------------
[~xkrogen]. Fixed. Once it was a convention to not include never-been-released
lines in the fix version field at the time of closing jira. This no longer is
the case.
[~jojochuang] In terms of user authorization, a hdfs superuser for one namenode
should also be a superuser for the other namenode and datanodes. A datanode
user shouldn't be a privileged user and allowing one DN user to have the admin
permission on other DNs was giving it more privilege than needed.
> Tighten the authorization of datanode RPC
> -----------------------------------------
>
> Key: HDFS-11069
> URL: https://issues.apache.org/jira/browse/HDFS-11069
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: datanode, security
> Reporter: Kihwal Lee
> Assignee: Kihwal Lee
> Fix For: 2.8.0, 2.9.0, 2.7.4, 3.0.0-alpha2
>
> Attachments: HDFS-11069.patch
>
>
> The current implementation of {{checkSuperuserPrivilege()}} allows the
> datanode user from any node to be recognized as a super user. If one
> datanode is compromised, the intruder can issue {{shutdownDatanode()}},
> {{evictWriters()}}, {{triggerBlockReport()}}, etc. against all other
> datanodes. Although this does not expose stored data, it can cause service
> disruptions.
> This needs to be tightened to allow only the local datanode user.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
