[ https://issues.apache.org/jira/browse/HADOOP-15162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16316758#comment-16316758 ]

Eric Yang commented on HADOOP-15162:
------------------------------------

Hi [~daryn],

{quote}
If you have a specific risk case, please take it up on the security list. Don't 
irresponsibly post publicly.
{quote}

There is no security hole yet if the cluster is deployed with Kerberos or 
isSecurityEnabled==true.  If I were disclosing a real security hole, it would 
definitely have been sent to the security mailing list first.  I do not think this 
issue is worthy of sounding the bell yet.  These have been known issues with 
SIMPLE security since the Hadoop 0.20 release.  I am only observing code changes 
over the past couple of years, and some security holes are about to be opened up 
due to inexperienced developers following incorrect discipline.  Without the 
proper information to educate the public, fear will only cause panic and 
prevent progress.  I hope you understand that my intention is to mitigate the risk 
by disclosing information that leads to progress, rather than fear that drives people 
away.

> UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE
> ------------------------------------------------------------------------------
>
>                 Key: HADOOP-15162
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15162
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Eric Yang
>
> {{UserGroupInformation.createRemoteUser(String user)}} has its 
> authentication method hard-coded to SIMPLE by HADOOP-10683.  This bypasses the 
> proxyuser ACL check and the isSecurityEnabled check, and allows the caller to 
> impersonate anyone.  This method could be abused in the main code base, which can 
> cause part of Hadoop to become insecure without a proxyuser check in both SIMPLE 
> and Kerberos-enabled environments.
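As an added example (not code from HADOOP-15162, from Eric Yang's comment, or from Hadoop itself), the following Java shows a service-side helper that keeps the two checks the issue says {{createRemoteUser(String)}} skips: it builds a PROXY UGI bound to the authenticated real user instead of a free-standing SIMPLE UGI, and runs it through the proxyuser ACL. The class name, method name and the caller-supplied {{realUser}} argument are assumptions of this example; the Hadoop APIs it calls ({{UserGroupInformation.createProxyUser}}, {{ProxyUsers.authorize}}, {{ProxyUsers.refreshSuperUserGroupsConfiguration}}, {{UserGroupInformation.isSecurityEnabled}}) and the {{hadoop.proxyuser.<name>.hosts}} / {{.groups}} configuration keys are real.

```java
// Added example, not Hadoop project code. Resolves the UGI that a request should
// run as, without minting a SIMPLE UGI from a caller-asserted user name.
import java.io.IOException;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.UserGroupInformation.AuthenticationMethod;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.ProxyUsers;

public class ImpersonationGuard {          // class name is an assumption of this example

    public ImpersonationGuard(Configuration conf) {
        UserGroupInformation.setConfiguration(conf);
        // Load hadoop.proxyuser.<name>.hosts and hadoop.proxyuser.<name>.groups
        // into the proxyuser ACL that ProxyUsers.authorize consults.
        ProxyUsers.refreshSuperUserGroupsConfiguration(conf);
    }

    /**
     * @param realUser   the caller as authenticated by the transport (Kerberos
     *                   principal, delegation token, ...); supplied by the server,
     *                   never derived from a name in the request
     * @param doAsUser   user name the caller asks to act as; null if none
     * @param remoteAddr client address, checked against the proxyuser host ACL
     */
    public UserGroupInformation resolve(UserGroupInformation realUser,
                                        String doAsUser,
                                        String remoteAddr)
            throws IOException, AuthorizationException {

        // isSecurityEnabled check: on a Kerberos cluster a real user whose
        // authentication method is still SIMPLE was never authenticated, so it
        // must not be allowed to act as anyone. (Policy chosen for this example.)
        if (UserGroupInformation.isSecurityEnabled()
                && realUser.getAuthenticationMethod() == AuthenticationMethod.SIMPLE) {
            throw new AuthorizationException(
                "SIMPLE-authenticated caller rejected on a secure cluster");
        }

        // No impersonation requested: run as the authenticated caller.
        if (doAsUser == null || doAsUser.equals(realUser.getShortUserName())) {
            return realUser;
        }

        // Impersonation path. createProxyUser keeps the link to realUser and marks
        // the UGI as PROXY; createRemoteUser(doAsUser) would instead produce a
        // SIMPLE UGI with no real user, which is what the issue describes.
        UserGroupInformation proxy =
            UserGroupInformation.createProxyUser(doAsUser, realUser);

        // Proxyuser ACL check: realUser must be listed in hadoop.proxyuser.<realUser>.*
        // for this group and host, otherwise AuthorizationException is thrown.
        ProxyUsers.authorize(proxy, remoteAddr);
        return proxy;
    }
}
```

The point of the split is that every UGI handed to the rest of the service is either the authenticated caller itself or a PROXY UGI that survived {{ProxyUsers.authorize}}; a grep for {{createRemoteUser(}} in request-handling code is a quick way to find paths that take the short cut instead.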
