Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-11069

Tighten the authorization of datanode RPC

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Reviewed

    Description

      The current implementation of checkSuperuserPrivilege() allows the datanode user from any node to be recognized as a super user. If one datanode is compromised, the intruder can issue shutdownDatanode(), evictWriters(), triggerBlockReport(), etc. against all other datanodes. Although this does not expose stored data, it can cause service disruptions.

      This needs to be tightened to allow only the local datanode user.

      Attachments

        1. HDFS-11069.patch
          1 kB
          Kihwal Lee

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            kihwal Kihwal Lee
            kihwal Kihwal Lee
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment