[jira] [Created] (HADOOP-15162) UserGroupInformation.createRmoteUser hardcode authentication method to SIMPLE

Eric Yang (JIRA) Fri, 05 Jan 2018 16:13:18 -0800

Eric Yang created HADOOP-15162:
----------------------------------

             Summary: UserGroupInformation.createRmoteUser hardcode 
authentication method to SIMPLE
                 Key: HADOOP-15162
                 URL: https://issues.apache.org/jira/browse/HADOOP-15162
             Project: Hadoop Common
          Issue Type: Bug
          Components: security
            Reporter: Eric Yang



{{UserGroupInformation.createRemoteUser(String user)}} is hard coded 
Authentication method to SIMPLE by HADOOP-10683.  This by passed proxyuser ACL 
check, isSecurityEnabled check, and allow caller to impersonate as anyone.  
This method could be abused in the main code base, which can cause part of 
Hadoop to become insecure without proxyuser check for both SIMPLE or Kerberos 
enabled environment.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org

[jira] [Created] (HADOOP-15162) UserGroupInformation.createRmoteUser hardcode authentication method to SIMPLE

Reply via email to