You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Eric Yang (JIRA)" <ji...@apache.org> on 2018/01/06 00:13:00 UTC

[jira] [Created] (HADOOP-15162) UserGroupInformation.createRmoteUser hardcode authentication method to SIMPLE

Eric Yang created HADOOP-15162:
----------------------------------

             Summary: UserGroupInformation.createRmoteUser hardcode authentication method to SIMPLE
                 Key: HADOOP-15162
                 URL: https://issues.apache.org/jira/browse/HADOOP-15162
             Project: Hadoop Common
          Issue Type: Bug
          Components: security
            Reporter: Eric Yang


{{UserGroupInformation.createRemoteUser(String user)}} is hard coded Authentication method to SIMPLE by HADOOP-10683.  This by passed proxyuser ACL check, isSecurityEnabled check, and allow caller to impersonate as anyone.  This method could be abused in the main code base, which can cause part of Hadoop to become insecure without proxyuser check for both SIMPLE or Kerberos enabled environment.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org