Posted to issues-all@impala.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2023/03/16 21:41:00 UTC

[jira] [Commented] (IMPALA-11942) Consider restricting --trusted_domain=localhost to 127.0.0.1

    [ https://issues.apache.org/jira/browse/IMPALA-11942?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17701399#comment-17701399 ] 

ASF subversion and git services commented on IMPALA-11942:
----------------------------------------------------------

Commit c2287823e095e3affd1a99982a57c5df623a95b6 in impala's branch refs/heads/master from Joe McDonnell
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=c2287823e ]

IMPALA-11942: Restrict trusted_domain=localhost to 127.0.0.1 by default

The trusted_domain startup parameter uses reverse DNS to determine
if a connection is coming from a trusted domain. For
trusted_domain=localhost, reverse DNS can be unreliable, because
some non-local IP ranges map to localhost. This can also cause
issues with our test cases. In some test environments (Ubuntu 20.04
on AWS), IP addresses like 127.23.0.1 resolve to localhost.

This adds a new startup option trusted_domain_strict_localhost,
which defaults to true. When true, Impala does not do a reverse
DNS request to determine if an IP address is localhost. Instead,
it compares to 127.0.0.1 directly. When false, localhost uses
the same reverse DNS logic as before.

Testing:
 - Modified the existing trusted_domain tests to test with
   trusted_domain_strict_localhost=true and false.
 - Ubuntu 20.04 tests pass on an AWS machine.

Change-Id: I5915cdd812d461366a421a739c18afecef44fb5b
Reviewed-on: http://gerrit.cloudera.org:8080/19607
Reviewed-by: Wenzhe Zhou <wz...@cloudera.com>
Tested-by: Impala Public Jenkins <im...@cloudera.com>


> Consider restricting --trusted_domain=localhost to 127.0.0.1
> ------------------------------------------------------------
>
>                 Key: IMPALA-11942
>                 URL: https://issues.apache.org/jira/browse/IMPALA-11942
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Backend
>    Affects Versions: Impala 4.3.0
>            Reporter: Joe McDonnell
>            Assignee: Joe McDonnell
>            Priority: Major
>
> The trusted domain feature introduced in IMPALA-10210 allows avoiding authentication when coming from a trusted domain (controlled by the trusted_domain startup flag).
> In some of our tests, we set this to localhost, and we've noticed that on Ubuntu 20 in AWS, some addresses other than 127.0.0.1 resolve back to localhost (e.g. 127.23.0.1 resolves to localhost). This causes test failures on Ubuntu 20 running on an AWS machine.
> In general, reverse DNS can be attacked to resolve other IP addresses back to localhost. We should look into restricting --trusted_domain=localhost to 127.0.0.1 so that the attacks on reverse DNS can't impact security.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
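
The difference between the two modes described in the commit message, as an added C++ example that is not Impala's code. The function names, the injected resolver, the label-boundary domain match and the PTR table are all assumptions constructed for illustration.

```cpp
// Added illustration; not Impala source code. All names here are hypothetical.
#include <functional>
#include <iostream>
#include <map>
#include <string>

// Reverse-DNS lookup is injected so the example runs offline.
using ReverseLookup = std::function<std::string(const std::string&)>;

// Constructed PTR data: 127.23.0.1 mirrors the Ubuntu 20.04 behaviour in the
// commit message; 203.0.113.7 stands for a tampered reverse-DNS answer.
std::string SampleReverseDns(const std::string& ip) {
  static const std::map<std::string, std::string> ptr = {
      {"127.0.0.1", "localhost"},
      {"127.23.0.1", "localhost"},
      {"203.0.113.7", "localhost"},
      {"10.1.2.3", "worker1.corp.example"},
  };
  auto it = ptr.find(ip);
  return it == ptr.end() ? std::string() : it->second;
}

// Assumption: a host is in a domain if it equals it or ends with ".<domain>".
bool HostInDomain(const std::string& host, const std::string& domain) {
  if (host == domain) return true;
  if (host.size() <= domain.size()) return false;
  const std::string::size_type off = host.size() - domain.size();
  return host.compare(off, domain.size(), domain) == 0 && host[off - 1] == '.';
}

// strict_localhost plays the role of trusted_domain_strict_localhost.
bool IsTrustedOrigin(const std::string& peer_ip, const std::string& trusted_domain,
                     bool strict_localhost, const ReverseLookup& rdns) {
  if (trusted_domain.empty()) return false;  // feature disabled
  if (strict_localhost && trusted_domain == "localhost") {
    return peer_ip == "127.0.0.1";  // no DNS involved in the decision
  }
  const std::string host = rdns(peer_ip);  // trust depends on the PTR answer
  return !host.empty() && HostInDomain(host, trusted_domain);
}

int main() {
  for (const char* ip : {"127.0.0.1", "127.23.0.1", "203.0.113.7"}) {
    std::cout << ip << " strict=" << IsTrustedOrigin(ip, "localhost", true, SampleReverseDns)
              << " reverse-dns=" << IsTrustedOrigin(ip, "localhost", false, SampleReverseDns) << "\n";
  }
  return 0;
}
```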
