[
https://issues.apache.org/jira/browse/HDDS-15467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ivan Andika updated HDDS-15467:
-------------------------------
Description: Found a possible security issue where
OmClientRequest#getUserInfoNotExists might user an admin user (OM starter user)
privilege if the client does not specify any user info. I don't think normal
clients will gain admin user currently since both Hadoop RPC and gRPC clients
should already have the user info. However, I think it's best to be defensive
and for getUserInfoNotExists to not fallback to the admin user since if we make
any changes in getUserInfo that causes userInfo's remoteAddress and userInfo's
username to not be set, it might cause cause privilege escalations. (was:
Found a possible security issue where OmClientRequest#getUserInfoNotExists
might user an admin user (OM starter user) privilege if the client does not
specify any user info. I don't think normal clients will gain admin user
currently since both Hadoop RPC and gRPC clients should already have the user
info. However, I think it's best to for getUserInfoNotExists to not fallback to
the admin user since if we make any changes in getUserInfo that causes
userInfo's remoteAddress and userInfo's username to not be set, it might cause
cause privilege escalations.)
> OmClientRequest#getUserInfoNotExists should not fallback to starter user by
> default
> -----------------------------------------------------------------------------------
>
> Key: HDDS-15467
> URL: https://issues.apache.org/jira/browse/HDDS-15467
> Project: Apache Ozone
> Issue Type: Improvement
> Reporter: Ivan Andika
> Assignee: Ivan Andika
> Priority: Major
>
> Found a possible security issue where OmClientRequest#getUserInfoNotExists
> might user an admin user (OM starter user) privilege if the client does not
> specify any user info. I don't think normal clients will gain admin user
> currently since both Hadoop RPC and gRPC clients should already have the user
> info. However, I think it's best to be defensive and for getUserInfoNotExists
> to not fallback to the admin user since if we make any changes in getUserInfo
> that causes userInfo's remoteAddress and userInfo's username to not be set,
> it might cause cause privilege escalations.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
