Posted to hdfs-dev@hadoop.apache.org by "John J. Howard (JIRA)" <ji...@apache.org> on 2015/08/17 15:53:46 UTC

[jira] [Created] (HDFS-8906) Non Authenticated Data node Allowed to Join HDFS

John J. Howard created HDFS-8906:
------------------------------------

             Summary: Non Authenticated Data node Allowed to Join HDFS
                 Key: HDFS-8906
                 URL: https://issues.apache.org/jira/browse/HDFS-8906
             Project: Hadoop HDFS
          Issue Type: Bug
          Components: datanode, namenode
    Affects Versions: 0.20.2
         Environment: CentOS 6.7
            Reporter: John J. Howard
            Priority: Minor


An attacker with network access to a Hadoop cluster can create a spoof datanode that the namenode will accept into the cluster without authentication, allowing the attacker to run MapReduce jobs on the cluster in order to steal data.  The spoof datanode is created by adding the namenode RSA SSH public key to the known hosts directory, starting Hadoop services, setting the IP address to be the same as a legitimate node on the Hadoop cluster and sending the namenode a heartbeat message with an empty namespace ID.  This will cause the namenode to think that the spoof datanode is a node that had previously crashed and lost its data.  The namenode will then connect to the spoof datanode using its SSH credentials and start replicating data on the spoof datanode, incorporating the spoof datanode into the cluster.  Once incorporated, the spoof node can start issuing MapReduce jobs to retrieve cluster data.


