You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Steve Loughran (JIRA)" <ji...@apache.org> on 2016/03/04 15:33:40 UTC

[jira] [Commented] (HADOOP-12888) HDFS client requires compromising permission when running under JVM security manager

    [ https://issues.apache.org/jira/browse/HADOOP-12888?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15179949#comment-15179949 ] 

Steve Loughran commented on HADOOP-12888:
-----------------------------------------

attach the patch to this JIRA, use a name of the form HADOOP-12888-001.patch, hit the the "submit patch" button and it'll be trigger an automatic review. Yetus will complain about the lack of tests, but we'll have to go with that. Did it work for you in any manual tests

Moving the issue from HDFS to Hadoop as its in the common module

> HDFS client requires compromising permission when running under JVM security manager
> ------------------------------------------------------------------------------------
>
>                 Key: HADOOP-12888
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12888
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.7.2
>         Environment: Linux
>            Reporter: Costin Leau
>
> HDFS _client_ requires dangerous permission, in particular _execute_ on _all files_ despite only trying to connect to an HDFS cluster.
> A full list (for both Hadoop 1 and 2) is available here along with the place in code where they occur.
> While it is understandable for some permissions to be used, requiring {{FilePermission <<ALL FILES>> execute}} to simply initialize a class field [Shell|https://github.com/apache/hadoop/blob/0fa54d45b1cf8a29f089f64d24f35bd221b4803f/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/Shell.java#L728] which in the end is not used (since it's just a client) simply *compromises* the entire security system.
> To make matters worse, the code is executed to initialize a field so in case the permissions is not granted, the VM fails with {{InitializationError}} which is unrecoverable.
> Ironically enough, on Windows this problem does not appear since the code simply bypasses it and initializes the field with a fall back value ({{false}}).
> A quick fix would be to simply take into account that the JVM {{SecurityManager}} might be active and the permission not granted or that the external process fails and use a fall back value.
> A proper and long-term fix would be to minimize the use of permissions for hdfs client since it is simply not required. A client should be as light as possible and not have the server requirements leaked onto.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)