[ https://issues.apache.org/jira/browse/HDFS-8906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14699627#comment-14699627 ]

Allen Wittenauer commented on HDFS-8906:
----------------------------------------

Hadoop 0.20.2 had no (real) security features in it.  This is the least of its 
problems:  setting hadoop.job.ugi would allow anyone to connect as anyone else.

This and other issues have since been fixed in subsequent versions of Hadoop.  

Given that 0.20.2 is over 5 years old at this point and unless there is 
something else, I'll be closing this as won't fix.

> Non Authenticated Data node Allowed to Join HDFS
> ------------------------------------------------
>
>                 Key: HDFS-8906
>                 URL: https://issues.apache.org/jira/browse/HDFS-8906
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, namenode
>    Affects Versions: 0.20.2
>         Environment: CentOS 6.7
>            Reporter: John J. Howard
>            Priority: Minor
>              Labels: security
>
> An attacker with network access to a Hadoop cluster can create a spoof 
> datanode that the namenode will accept into the cluster without 
> authentication, allowing the attacker to run MapReduce jobs on the cluster in 
> order to steal data.  The spoof datanode is created by adding the namenode 
> RSA SSH public key to the known hosts directory, starting Hadoop services, 
> setting the IP address to be the same as a legitimate node on the Hadoop 
> cluster and sending the namenode a heartbeat message with an empty namespace 
> ID.  This will cause the namenode to think that the spoof datanode is a node 
> that had previously crashed and lost its data.  The namenode will then 
> connect to the spoof datanode using its SSH credentials and start replicating 
> data on the spoof datanode, incorporating the spoof datanode into the 
> cluster.  Once incorporated, the spoof node can start issuing MapReduce jobs 
> to retrieve cluster data.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)