You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Jason Lowe (JIRA)" <ji...@apache.org> on 2018/01/08 16:34:00 UTC

[jira] [Updated] (HADOOP-15162) UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE

     [ https://issues.apache.org/jira/browse/HADOOP-15162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Lowe updated HADOOP-15162:
--------------------------------
    Summary: UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE  (was: UserGroupInformation.createRmoteUser hardcode authentication method to SIMPLE)

Could you elaborate on how this allows the caller to impersonate anyone?  Putting a check in UGI's createRemoteUser seems like a client-side security fix, and that's not going to be very helpful since we should never trust the client.  Allowing that UGI to gain access to a secured server simply because the client says they want to authenticate via SIMPLE would be very bad.  A properly secured server should reject such shenanigans.  But the fix in that case would be in the authentication handshake and not in preventing the UGI from being created in the first place.  We cannot control the code an untrusted client is using.

I don't think it's directly harmful to create a UGI with no credentials even if the caller is not an official proxy user.  It can be useful for simply setting up a user with no initial credentials and then later attaching credentials (e.g.: security tokens) as is done in the YARN container localizer, log aggregator, etc.  Those are cases where the caller is not an official proxy user.

> UserGroupInformation.createRemoteUser hardcode authentication method to SIMPLE
> ------------------------------------------------------------------------------
>
>                 Key: HADOOP-15162
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15162
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Eric Yang
>
> {{UserGroupInformation.createRemoteUser(String user)}} is hard coded Authentication method to SIMPLE by HADOOP-10683.  This by passed proxyuser ACL check, isSecurityEnabled check, and allow caller to impersonate as anyone.  This method could be abused in the main code base, which can cause part of Hadoop to become insecure without proxyuser check for both SIMPLE or Kerberos enabled environment.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org