[jira] [Created] (HDFS-11069) Tighten the authorization of datanode RPC

Kihwal Lee (JIRA) Thu, 27 Oct 2016 08:51:11 -0700

Kihwal Lee created HDFS-11069:
---------------------------------

             Summary: Tighten the authorization of datanode RPC
                 Key: HDFS-11069
                 URL: https://issues.apache.org/jira/browse/HDFS-11069
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: datanode, security
            Reporter: Kihwal Lee



The current implementation of {{checkSuperuserPrivilege()}} allows the datanode 
user from any node to be recognized as a super user.  If one datanode is 
compromised, the intruder can issue {{shutdownDatanode()}}, {{evictWriters()}}, 
{{triggerBlockReport()}}, etc. against all other datanodes.

This needs to be tightened to allow only the local datanode user.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org

[jira] [Created] (HDFS-11069) Tighten the authorization of datanode RPC

Reply via email to