The current implementation of checkSuperuserPrivilege() allows the datanode user from any node to be recognized as a superuser. If one datanode is compromised, the intruder can issue shutdownDatanode(), evictWriters(), triggerBlockReport(), etc. against all other datanodes. Although this does not expose stored data, it can cause service disruptions.
This needs to be tightened to allow only the local datanode user.
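The difference between the two checks, as an added sketch that is not Hadoop source code: it models callers as Kerberos-style principal strings and compares a short-name match against a full-principal match. The class and method names, the principals, the `admins` set and the simplified short-name mapping are all assumptions made for illustration.

```java
import java.util.List;
import java.util.Set;

// Added illustration: a minimal model of the authorization decision, not Hadoop code.
public class DatanodeAuthzSketch {
    // Reduce "service/host@REALM" to "service" (simplified short-name mapping, assumed).
    static String shortName(String principal) {
        int cut = principal.indexOf('/');
        if (cut < 0) cut = principal.indexOf('@');
        return cut < 0 ? principal : principal.substring(0, cut);
    }

    // Loose check: any principal whose short name equals the datanode user's passes,
    // so the datanode identity of every other host is accepted as well.
    static boolean looseCheck(String caller, String local, Set<String> admins) {
        return shortName(caller).equals(shortName(local))
            || admins.contains(shortName(caller));
    }

    // Tightened check: only this node's own full principal passes as the datanode
    // user; configured administrators (hypothetical set) are still accepted.
    static boolean localOnlyCheck(String caller, String local, Set<String> admins) {
        return caller.equals(local) || admins.contains(shortName(caller));
    }

    public static void main(String[] args) {
        Set<String> admins = Set.of("hdfsadmin");       // constructed
        String local = "dn/dn1.example.test@EXAMPLE.TEST"; // constructed
        List<String> callers = List.of(
            local,                                 // this datanode itself
            "dn/dn2.example.test@EXAMPLE.TEST",    // datanode user on another host
            "hdfsadmin@EXAMPLE.TEST",              // administrator
            "alice@EXAMPLE.TEST");                 // ordinary user
        for (String c : callers) {
            System.out.printf("%-36s loose=%-5b localOnly=%b%n",
                c, looseCheck(c, local, admins), localOnlyCheck(c, local, admins));
        }
        // Edge case in this model: if every datanode shares one principal with no
        // host part, the names are identical and neither check can tell hosts apart.
        String shared = "dn@EXAMPLE.TEST";
        System.out.println("shared principal accepted by localOnlyCheck: "
            + localOnlyCheck(shared, shared, admins));
    }
}
```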
- is depended upon by: HDFS-12372 Document the impact of HDFS-11069 (Tighten the authorization of datanode RPC)
- is related to: HDFS-11053 Unnecessary superuser check in versionRequest()