Posted to hdfs-dev@hadoop.apache.org by "Yongjun Zhang (JIRA)" <ji...@apache.org> on 2015/11/19 08:14:11 UTC

[jira] [Resolved] (HDFS-8906) Non Authenticated Data node Allowed to Join HDFS

     [ https://issues.apache.org/jira/browse/HDFS-8906?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Yongjun Zhang resolved HDFS-8906.
---------------------------------
    Resolution: Won't Fix

Hi [~JJHoward],

Thanks for reporting the issue. I'm closing it as "Won't Fix" per [~aw]'s comments. Please raise if you have any concern. Thanks.



> Non Authenticated Data node Allowed to Join HDFS
> ------------------------------------------------
>
>                 Key: HDFS-8906
>                 URL: https://issues.apache.org/jira/browse/HDFS-8906
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, namenode
>    Affects Versions: 0.20.2
>         Environment: CentOS 6.7
>            Reporter: John J. Howard
>            Priority: Minor
>              Labels: security
>
> An attacker with network access to a Hadoop cluster can create a spoof datanode that the namenode will accept into the cluster without authentication, allowing the attacker to run MapReduce jobs on the cluster in order to steal data.  The spoof datanode is created by adding the namenode RSA SSH public key to the known hosts directory, starting Hadoop services, setting the IP address to be the same as a legitimate node on the Hadoop cluster and sending the namenode a heartbeat message with an empty namespace ID.  This will cause the namenode to think that the spoof datanode is a node that had previously crashed and lost its data.  The namenode will then connect to the spoof datanode using its SSH credentials and start replicating data on the spoof datanode, incorporating the spoof datanode into the cluster.  Once incorporated, the spoof node can start issuing MapReduce jobs to retrieve cluster data.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)