[jira] [Commented] (HDFS-16004) BackupNode and QJournal lack Permission check.
[ https://issues.apache.org/jira/browse/HDFS-16004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17342276#comment-17342276 ]

Xiaoqiao He commented on HDFS-16004:
------------------------------------

Thanks [~shv] for digging into the historical issue and for the detailed comments. +1 that it is unnecessary to improve BackupNode anymore. However, I think we should enhance the permission check for requests to JournalNode, which is deployed widely, and it has risk without any permission check for requests. What do you think?

> BackupNode and QJournal lack Permission check.
> ----------------------------------------------
>
> Key: HDFS-16004
> URL: https://issues.apache.org/jira/browse/HDFS-16004
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: lujie
> Assignee: lujie
> Priority: Critical
> Labels: pull-request-available
> Time Spent: 1h
> Remaining Estimate: 0h
>
> I have some doubts when I configure secure HDFS. I know we have Service
> Level Authorization for protocols like NamenodeProtocol, DatanodeProtocol and
> so on.
> But I do not find such Authorization for JournalProtocol after reading the
> code in HDFSPolicyProvider. And if we have, how can I configure such
> Authorization?
>
> Besides, even though NamenodeProtocol has Service Level Authorization, its methods
> still have a Permission check. Take startCheckpoint in NameNodeRpcServer, which
> implemented NamenodeProtocol, for example:
>
>   public NamenodeCommand startCheckpoint(NamenodeRegistration registration)
>       throws IOException {
>     String operationName = "startCheckpoint";
>     checkNNStartup();
>     namesystem.checkSuperuserPrivilege(operationName);
>     ..
>
> I found that the methods in BackupNodeRpcServer, which implemented
> JournalProtocol, lack such a Permission check. See below:
>
>   public void startLogSegment(JournalInfo journalInfo, long epoch,
>       long txid) throws IOException {
>     namesystem.checkOperation(OperationCategory.JOURNAL);
>     verifyJournalRequest(journalInfo);
>     getBNImage().namenodeStartedLogSegment(txid);
>   }
>
>   @Override
>   public void journal(JournalInfo journalInfo, long epoch, long firstTxId,
>       int numTxns, byte[] records) throws IOException {
>     namesystem.checkOperation(OperationCategory.JOURNAL);
>     verifyJournalRequest(journalInfo);
>     getBNImage().journal(firstTxId, numTxns, records);
>   }
>
> Do we need to add a Permission check for them?
>
> Please point out my mistakes if I am wrong or missing something.

--
This message was sent by Atlassian Jira (v8.3.4#803005)

To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org
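
The two authorization layers that the quoted issue description contrasts, as an added toy model (not Hadoop code and not from this thread). All class, method and user names and the ACL values are constructed; the wildcard entry stands in for a protocol whose ACL admits any authenticated caller.

```java
import java.util.*;
import java.util.function.Supplier;

// Toy model only: names and ACL values are hypothetical, not Hadoop's.
public class JournalAuthzDemo {
  static class AccessDenied extends RuntimeException {
    AccessDenied(String msg) { super(msg); }
  }

  // Layer 1: service-level authorization, one ACL per RPC protocol (constructed).
  static final Map<String, Set<String>> PROTOCOL_ACL = Map.of(
      "NamenodeProtocol", Set.of("hdfs", "alice"),
      "JournalProtocol", Set.of("*"));
  static final String SUPERUSER = "hdfs";

  static void authorizeProtocol(String protocol, String caller) {
    Set<String> acl = PROTOCOL_ACL.get(protocol);
    // Unknown protocols are denied; "*" admits every authenticated caller.
    if (acl == null || !(acl.contains("*") || acl.contains(caller)))
      throw new AccessDenied(caller + " may not call " + protocol);
  }

  // Layer 2: the per-method check made inside the handler itself.
  static void checkSuperuserPrivilege(String op, String caller) {
    if (!SUPERUSER.equals(caller))
      throw new AccessDenied(caller + " is not superuser, op=" + op);
  }

  // Both layers: a caller on the protocol ACL still needs superuser rights.
  static String startCheckpoint(String caller) {
    authorizeProtocol("NamenodeProtocol", caller);
    checkSuperuserPrivilege("startCheckpoint", caller);
    return "checkpoint started for " + caller;
  }

  // Wildcard ACL and no method-level check: nothing stops the caller.
  static String journal(String caller, byte[] records) {
    authorizeProtocol("JournalProtocol", caller);
    return "journaled " + records.length + " bytes from " + caller;
  }

  static String attempt(Supplier<String> call) {
    try { return call.get(); }
    catch (AccessDenied e) { return "DENIED: " + e.getMessage(); }
  }

  public static void main(String[] args) {
    System.out.println(attempt(() -> startCheckpoint("hdfs")));
    System.out.println(attempt(() -> startCheckpoint("alice")));
    System.out.println(attempt(() -> journal("bob", new byte[16])));
  }
}
```

In this model `alice` passes the protocol ACL but is stopped by the method-level check, while `bob` reaches the journal handler because neither layer restricts him.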
[jira] [Commented] (HDFS-16004) BackupNode and QJournal lack Permission check.
[ https://issues.apache.org/jira/browse/HDFS-16004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17342159#comment-17342159 ]

lujie commented on HDFS-16004:
------------------------------

Hey Guys, closing it as won't fix is better as it is a real problem of BackupNode. So don't {{QJournalProtocol}} and InterQJournal need to check?
[jira] [Commented] (HDFS-16004) BackupNode and QJournal lack Permission check.
[ https://issues.apache.org/jira/browse/HDFS-16004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17342108#comment-17342108 ]

Konstantin Shvachko commented on HDFS-16004:
--------------------------------------------

Hey guys. I wouldn't worry about {{BackupNode}}. It was supposed to be removed as redundant HDFS-4114. Same with {{JournalProtocol}} as it is used exclusively for {{BackupNode}}. This is an old code, that is not supposed to be used. There were some controversial issues about removing {{BackupNode}}, but I don't think they still stand. {{QJournalProtocol}} is the one to be used with QJM. If it is fine, then we can close this issue as won't fix or not a problem.
[jira] [Commented] (HDFS-16004) BackupNode and QJournal lack Permission check.
[ https://issues.apache.org/jira/browse/HDFS-16004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17341178#comment-17341178 ]

lujie commented on HDFS-16004:
------------------------------

push the new commit. All the interface of QJournal are checked.

> BackupNode and QJournal lack Permission check.
> ----------------------------------------------
>
> Key: HDFS-16004
> URL: https://issues.apache.org/jira/browse/HDFS-16004
> Project: Hadoop HDFS
> Issue Type: Bug
> Reporter: lujie
> Assignee: lujie
> Priority: Critical
> Labels: pull-request-available
> Time Spent: 40m
> Remaining Estimate: 0h