Hadoop Common / HADOOP-7621

alfredo config should be in a file not readable by users

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.20.205.0, 0.23.0, 0.24.0
    • Fix Version/s: 1.1.0, 0.22.1, 2.0.0-alpha
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      [thanks ATM for pointing this one out]

      Alfredo configuration is currently stored in the core-site.xml file; this file is readable by users (it must be, as Configuration defaults must be loaded).

      One of the Alfredo config values is a secret which is used by all nodes to sign/verify the authentication cookie.

      A user could get hold of this secret and forge authentication cookies for other users.

      Because of this, the Alfredo configuration should be moved to a user non-readable file.

      1. hadoop-7621-022.patch
        3 kB
        Benoy Antony
      2. HADOOP-7621-branch-0.20-security.patch
        5 kB
        Aaron T. Myers
      3. HADOOP-7621-branch-0.20-security.patch
        5 kB
        Aaron T. Myers
      4. HADOOP-7621.patch
        7 kB
        Alejandro Abdelnur
      5. HADOOP-7621.patch
        7 kB
        Alejandro Abdelnur
      6. HADOOP-7621.patch
        10 kB
        Alejandro Abdelnur
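
An added example (not part of the issue or its attached patches): a small audit that flags the condition described above, a cookie-signing secret reachable through a file that non-owners can read. The two property names, the file names and the sample secret are assumptions or constructed values, not taken from this page; check the names against your release.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Property names are assumptions (not stated on this page); adjust to your release.
INLINE_SECRET = "hadoop.http.authentication.signature.secret"
SECRET_FILE = "hadoop.http.authentication.signature.secret.file"

def readable_by_non_owner(path):
    """True if group or other has read permission on path."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

def audit(core_site):
    """Return a list of findings for the cookie-signing secret configuration."""
    props = {}
    for prop in ET.parse(core_site).getroot().iter("property"):
        props[prop.findtext("name", "").strip()] = (prop.findtext("value") or "").strip()
    findings = []
    if props.get(INLINE_SECRET) and readable_by_non_owner(core_site):
        findings.append("inline secret in user-readable " + core_site)
    secret_file = props.get(SECRET_FILE)
    if secret_file:
        if not os.path.exists(secret_file):
            findings.append("secret file missing: " + secret_file)
        elif readable_by_non_owner(secret_file):
            findings.append("secret file readable by non-owner: " + secret_file)
    return findings

def _write(path, text, mode):
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)

def demo():
    """Constructed sample: weak layout vs. corrected layout, in a temp dir."""
    tmpl = "<configuration><property><name>%s</name><value>%s</value></property></configuration>"
    with tempfile.TemporaryDirectory() as d:
        weak = os.path.join(d, "core-site-weak.xml")
        _write(weak, tmpl % (INLINE_SECRET, "constructed-secret"), 0o644)
        secret = os.path.join(d, "http-secret")
        _write(secret, "constructed-secret", 0o600)
        fixed = os.path.join(d, "core-site-fixed.xml")
        _write(fixed, tmpl % (SECRET_FILE, secret), 0o644)
        before = audit(fixed)
        os.chmod(secret, 0o644)  # regress the permission to show detection
        return audit(weak), before, audit(fixed)
```

Run `audit()` against the deployed core-site.xml on each node; an empty list means the secret is neither inline in a user-readable file nor stored in a file that group or other can read.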

            People

            • Assignee:
              Aaron T. Myers
              Reporter:
              Alejandro Abdelnur