[ https://issues.apache.org/jira/browse/HDFS-11069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15612831#comment-15612831 ]
Kihwal Lee commented on HDFS-11069: ----------------------------------- {{TestPermission}} is broken by HDFS-10455. The other test passes. {noformat} ------------------------------------------------------- T E S T S ------------------------------------------------------- Running org.apache.hadoop.hdfs.TestFileCorruption Tests run: 5, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 17.826 sec - in org.apache.hadoop.hdfs.TestFileCorruption Results : Tests run: 5, Failures: 0, Errors: 0, Skipped: 0 {noformat} > Tighten the authorization of datanode RPC > ----------------------------------------- > > Key: HDFS-11069 > URL: https://issues.apache.org/jira/browse/HDFS-11069 > Project: Hadoop HDFS > Issue Type: Improvement > Components: datanode, security > Reporter: Kihwal Lee > Assignee: Kihwal Lee > Attachments: HDFS-11069.patch > > > The current implementation of {{checkSuperuserPrivilege()}} allows the > datanode user from any node to be recognized as a super user. If one > datanode is compromised, the intruder can issue {{shutdownDatanode()}}, > {{evictWriters()}}, {{triggerBlockReport()}}, etc. against all other > datanodes. Although this does not expose stored data, it can cause service > disruptions. > This needs to be tightened to allow only the local datanode user. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: hdfs-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: hdfs-issues-h...@hadoop.apache.org