Hadoop Common / HADOOP-7621

alfredo config should be in a file not readable by users


Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.20.205.0, 0.23.0, 0.24.0
    • Fix Version/s: 1.1.0, 0.22.1, 0.23.3
    • Component/s: security
    • Labels: None
    • Hadoop Flags: Reviewed

    Description

      [Thanks, ATM, for pointing this one out]

      Alfredo configuration is currently stored in the core-site.xml file; this file is readable by users (it must be, as Configuration defaults must be loaded).

      One of the Alfredo config values is a secret which is used by all nodes to sign/verify the authentication cookie.

      A user could get hold of this secret and forge authentication cookies for other users.

      Because of this, the Alfredo configuration should be moved to a file not readable by users.

      Attachments

        1. HADOOP-7621.patch
          7 kB
          Alejandro Abdelnur
        2. HADOOP-7621.patch
          7 kB
          Alejandro Abdelnur
        3. HADOOP-7621.patch
          10 kB
          Alejandro Abdelnur
        4. hadoop-7621-022.patch
          3 kB
          Benoy Antony
        5. HADOOP-7621-branch-0.20-security.patch
          5 kB
          Aaron Myers
        6. HADOOP-7621-branch-0.20-security.patch
          5 kB
          Aaron Myers
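
The exposure described above can be checked on a node with a small audit script. This is an added example, not part of the original issue or of the attached patches; the property-name suffixes, the `example.auth.` prefix and the sample files are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Assumed property-name suffixes (not taken from the issue); adjust as needed.
INLINE_SECRET = "signature.secret"
SECRET_FILE = "signature.secret.file"

def readable_by_others(path):
    """True if group or other hold read permission on path."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

def audit_config(config_path):
    """Return findings for signing secrets that users could read."""
    findings = []
    exposed = readable_by_others(config_path)
    for prop in ET.parse(config_path).getroot().iter("property"):
        name = (prop.findtext("name") or "").strip()
        value = (prop.findtext("value") or "").strip()
        if name.endswith(INLINE_SECRET) and value and exposed:
            findings.append(f"{name}: secret is inline in a user-readable file")
        elif name.endswith(SECRET_FILE) and value:
            # Variable expansion (${...}) is not performed; such values
            # are reported as missing.
            if not os.path.exists(value):
                findings.append(f"{name}: {value} does not exist")
            elif readable_by_others(value):
                findings.append(f"{name}: {value} is readable by group/other")
    return findings

def write_config(path, name, value, mode):
    """Write a one-property Hadoop-style config file (constructed sample)."""
    with open(path, "w") as f:
        f.write(f"<configuration><property><name>{name}</name>"
                f"<value>{value}</value></property></configuration>")
    os.chmod(path, mode)

def demo():
    """Audit two constructed configs: inline secret vs. 0600 secret file."""
    with tempfile.TemporaryDirectory() as d:
        before = os.path.join(d, "core-site-before.xml")
        write_config(before, "example.auth." + INLINE_SECRET, "s3cr3t", 0o644)
        secret = os.path.join(d, "auth-secret")
        with open(secret, "w") as f:
            f.write("s3cr3t")
        os.chmod(secret, 0o600)
        after = os.path.join(d, "core-site-after.xml")
        write_config(after, "example.auth." + SECRET_FILE, secret, 0o644)
        return audit_config(before), audit_config(after)

if __name__ == "__main__":
    print(demo())
```

The first constructed config yields one finding (inline secret in a 0644 file); the second, which only references a 0600 secret file, yields none.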

          People

            atm Aaron Myers
            tucu00 Alejandro Abdelnur