Details
- Type: Bug
- Status: Resolved
- Priority: Major
- Resolution: Not A Problem
Description
UserGroupInformation.createRemoteUser(String user) has its authentication method hard-coded to SIMPLE by HADOOP-10683. This bypasses the proxyuser ACL check and the isSecurityEnabled check, and allows the caller to impersonate anyone. This method could be abused in the main code base, which can cause part of Hadoop to become insecure without a proxyuser check for both SIMPLE and Kerberos-enabled environments.
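For reference when auditing call sites, the following added example (not code from the Hadoop code base or from the reporter) contrasts a UGI built with createRemoteUser against one built with createProxyUser and checked by ProxyUsers.authorize, which is where the proxyuser ACL is evaluated. The principals oozie, alice and bob and the address 10.0.0.5 are constructed sample values, and hadoop-common is assumed to be on the classpath.

```java
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.authorize.ProxyUsers;

public class ProxyUserCheckDemo {

  // True only if the proxyuser ACL lets realUser act as effectiveUser from remoteAddr.
  static boolean mayImpersonate(String realUser, String effectiveUser, String remoteAddr) {
    // Assumption: in a real service the real user comes from the authenticated
    // connection; createRemoteUser only stands in for that identity here.
    UserGroupInformation real = UserGroupInformation.createRemoteUser(realUser);
    // createProxyUser records who is asking (real) and who they want to be (effective).
    UserGroupInformation proxy = UserGroupInformation.createProxyUser(effectiveUser, real);
    try {
      ProxyUsers.authorize(proxy, remoteAddr); // evaluates hadoop.proxyuser.<real>.*
      return true;
    } catch (AuthorizationException e) {
      return false;
    }
  }

  public static void main(String[] args) {
    // Constructed sample ACL: oozie may impersonate only alice, only from 10.0.0.5.
    Configuration conf = new Configuration(false);
    conf.set("hadoop.proxyuser.oozie.hosts", "10.0.0.5");
    conf.set("hadoop.proxyuser.oozie.users", "alice");
    ProxyUsers.refreshSuperUserGroupsConfiguration(conf);

    // A UGI from createRemoteUser carries no real user, so there is no
    // (real, effective) pair for the proxyuser ACL to be checked against.
    UserGroupInformation direct = UserGroupInformation.createRemoteUser("bob");
    System.out.println("createRemoteUser: auth=" + direct.getAuthenticationMethod()
        + " realUser=" + direct.getRealUser());

    // The same identities routed through createProxyUser + ProxyUsers.authorize.
    System.out.println("oozie -> alice from 10.0.0.5: "
        + mayImpersonate("oozie", "alice", "10.0.0.5"));
    System.out.println("oozie -> bob   from 10.0.0.5: "
        + mayImpersonate("oozie", "bob", "10.0.0.5"));
    System.out.println("oozie -> alice from 10.0.0.9: "
        + mayImpersonate("oozie", "alice", "10.0.0.9"));
  }
}
```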