[ https://issues.apache.org/jira/browse/IMPALA-11942?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joe McDonnell resolved IMPALA-11942. ------------------------------------ Fix Version/s: Impala 4.3.0 Resolution: Fixed > Consider restricting --trusted_domain=localhost to 127.0.0.1 > ------------------------------------------------------------ > > Key: IMPALA-11942 > URL: https://issues.apache.org/jira/browse/IMPALA-11942 > Project: IMPALA > Issue Type: Bug > Components: Backend > Affects Versions: Impala 4.3.0 > Reporter: Joe McDonnell > Assignee: Joe McDonnell > Priority: Major > Fix For: Impala 4.3.0 > > > The trusted domain feature introduced in IMPALA-10210 allows avoiding > authentication when coming from a trusted domain (controlled by the > trusted_domain startup flag). > In some of our tests, we set this to localhost, and we've noticed that on > Ubuntu 20 in AWS, some addresses other than 127.0.0.1 resolve back to > localhost (e.g. 127.23.0.1 resolves to localhost). This causes test failures > on Ubuntu 20 running on an AWS machine. > In general, reverse DNS can be attacked to resolve other IP addresses back to > localhost. We should look into restricting --trusted_domain=localhost to > 127.0.0.1 so that the attacks on reverse DNS can't impact security. -- This message was sent by Atlassian Jira (v8.20.10#820010)