Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-11069

Tighten the authorization of datanode RPC

    Details

    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      The current implementation of checkSuperuserPrivilege() allows the datanode user from any node to be recognized as a super user. If one datanode is compromised, the intruder can issue shutdownDatanode(), evictWriters(), triggerBlockReport(), etc. against all other datanodes. Although this does not expose stored data, it can cause service disruptions.

      This needs to be tightened to allow only the local datanode user.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                kihwal Kihwal Lee
                Reporter:
                kihwal Kihwal Lee
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: