[ https://issues.apache.org/jira/browse/HDFS-2856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13653278#comment-13653278 ]

Todd Lipcon commented on HDFS-2856:
-----------------------------------

One question about this new protocol -- it relies on the client and server 
addresses to prevent MITM type attacks. But many nodes are multi-homed, and in 
the case of cross-cluster communication there may even be NAT or SOCKS proxies 
in the way. Given that, a client may not know its own address (as seen by the 
datanode), and the address that the client is using to speak to the DN may not 
be the same one the DN has bound to.

Instead, can we just use the DatanodeID and port of the target DN? This would 
still prevent a man-in-the-middle where the request is forwarded to a different 
DN. I'm not sure what value is provided by including the _client_'s address in 
the digest.
                
> Fix block protocol so that Datanodes don't require root or jsvc
> ---------------------------------------------------------------
>
>                 Key: HDFS-2856
>                 URL: https://issues.apache.org/jira/browse/HDFS-2856
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: datanode, security
>            Reporter: Owen O'Malley
>            Assignee: Chris Nauroth
>            Priority: Blocker
>         Attachments: Datanode-Security-Design.pdf, 
> Datanode-Security-Design.pdf, Datanode-Security-Design.pdf
>
>
> Since we send the block tokens unencrypted to the datanode, we currently 
> start the datanode as root using jsvc and get a secure (< 1024) port.
> If we have the datanode generate a nonce and send it on the connection and 
> the client sends an hmac of the nonce back instead of the block token it won't 
> reveal any secrets. Thus, we wouldn't require a secure port and would not 
> require root or jsvc.

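The trade-off raised in the comment above, as an added Python sketch (not Hadoop code and not the protocol from the attached design document): a nonce/HMAC handshake verified once with the client and server addresses in the digest and once with the target DatanodeID and port. The message layout, HMAC-SHA256, the key shared by both datanodes, and every name, ID, port and address here are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


def digest(key: bytes, nonce: bytes, *binding: str) -> bytes:
    """HMAC-SHA256 over the nonce plus length-prefixed binding fields (assumed layout)."""
    msg = nonce
    for field in binding:
        raw = field.encode()
        msg += len(raw).to_bytes(2, "big") + raw
    return hmac.new(key, msg, hashlib.sha256).digest()


class Datanode:
    """Hypothetical datanode side of the handshake."""

    def __init__(self, datanode_id: str, port: int, key: bytes):
        self.datanode_id, self.port, self.key = datanode_id, port, key
        self.nonce = None

    def challenge(self) -> bytes:
        self.nonce = os.urandom(16)
        return self.nonce

    def _check(self, proof: bytes, *binding: str) -> bool:
        nonce, self.nonce = self.nonce, None  # a nonce is accepted at most once
        return nonce is not None and hmac.compare_digest(
            proof, digest(self.key, nonce, *binding))

    def verify_by_address(self, proof: bytes, peer_addr: str, bound_addr: str) -> bool:
        # The DN can only use the addresses it observes on its own socket.
        return self._check(proof, peer_addr, bound_addr)

    def verify_by_id(self, proof: bytes) -> bool:
        return self._check(proof, self.datanode_id, str(self.port))


def run_scenarios() -> dict:
    key = os.urandom(32)  # constructed stand-in for the secret both sides hold
    dn_a = Datanode("dn-a-uuid", 50010, key)  # constructed IDs and port
    dn_b = Datanode("dn-b-uuid", 50010, key)
    results = {}
    # Legitimate client behind NAT: its view of both addresses differs from the DN's.
    proof = digest(key, dn_a.challenge(), "10.0.0.5", "203.0.113.7")
    results["address_bound_behind_nat"] = dn_a.verify_by_address(
        proof, "198.51.100.9", "192.168.1.20")
    # Same client, digest bound to the target DatanodeID and port instead.
    proof = digest(key, dn_a.challenge(), "dn-a-uuid", "50010")
    results["id_bound_behind_nat"] = dn_a.verify_by_id(proof)
    # A proof the client built for dn-a, presented to dn-b with dn-b's nonce.
    proof = digest(key, dn_b.challenge(), "dn-a-uuid", "50010")
    results["id_bound_forwarded_to_other_dn"] = dn_b.verify_by_id(proof)
    return results
```

The address-bound check rejects the legitimate client behind NAT, while the DatanodeID-bound check accepts it and still rejects a proof forwarded to a different datanode.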