Thanks Dhruba. I will do that. Also, could you refer me to any
documentation/link regarding any work happening in this regard? I would
be interested in participating/contributing in it.

Thanks
Pallavi

-----Original Message-----
From: Dhruba Borthakur [mailto:dhr...@gmail.com] 
Sent: Monday, August 03, 2009 10:59 AM
To: common-dev@hadoop.apache.org
Subject: Re: Remote access to cluster with superuser privileges from
untrusted IPs

Hi Pallavi,

You are always welcome to post your code as a patch to a JIRA. Even if it
does not get committed to the Hadoop code base, you can always refer
people to your patch in the JIRA and ask them to use it.

thanks,
dhruba

On Sun, Aug 2, 2009 at 8:54 PM, Palleti, Pallavi <
pallavi.pall...@corp.aol.com> wrote:

> Can someone kindly let me know whether any work is happening in this
> regard. If not, I would like to add a patch which might be useful for
> many.
>
> Thanks
> Pallavi
>
> -----Original Message-----
> From: Palleti, Pallavi [mailto:pallavi.pall...@corp.aol.com]
> Sent: Friday, July 31, 2009 12:20 PM
> To: common-dev@hadoop.apache.org
> Subject: Remote access to cluster with superuser privileges from
> untrusted IPs
>
> Hi all,
>
>
>
> We are using hadoop-0.18.2 in our cluster and figured out that there is
> a security flaw in current hadoop code as it doesn't check the
> authentication of user. This would let any person access the cluster as
> super user once the details like super user name and the configuration
> details are known. I tried to solve this issue by allowing super user
> access only from some specified IP Range. This would at least block
> remote super user access from untrusted IP Addresses.
>
>
>
> I have modified the code accordingly in Server.java code. I would like
> to add it as a patch so that it can be useful for others. However, when
> I looked at the trunk code, I could see that some work related to it
> is happening but am not sure. Especially, there is some code at
> Server.java which throws PrivilegedActionException for untrusted user I
> believe. Can someone kindly clarify if it is written for the same
> purpose? If not, kindly suggest the version I should use to create a
> patch so that it can be useful for many.
>
>
>
> Thanks
>
> Pallavi
>
>

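The source-address restriction described in the original message, sketched as an added example; it is not code from the thread or from Hadoop's Server.java. The class, method, superuser name and IP range are hypothetical, and it assumes the server can read the peer address from the accepted socket. The check narrows where a claimed superuser name is accepted from; it does not authenticate the user.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;

// Added illustration with hypothetical names; not Hadoop's Server.java.
public class SuperuserSourceFilter {
    // One trusted range in CIDR form, e.g. 10.20.0.0/16.
    record Cidr(byte[] network, int prefixLen) {
        static Cidr parse(String s) throws UnknownHostException {
            String[] p = s.split("/", 2);
            byte[] net = InetAddress.getByName(p[0]).getAddress(); // literal IP, no DNS lookup
            int len = Integer.parseInt(p[1]);
            if (len < 0 || len > net.length * 8) throw new IllegalArgumentException("bad prefix: " + s);
            return new Cidr(net, len);
        }
        boolean contains(InetAddress addr) {
            byte[] a = addr.getAddress();
            if (a.length != network.length) return false; // an IPv4 range never matches an IPv6 peer
            for (int bit = 0; bit < prefixLen; bit++) {
                int mask = 0x80 >> (bit % 8);
                if ((a[bit / 8] & mask) != (network[bit / 8] & mask)) return false;
            }
            return true;
        }
    }

    private final String superuser;
    private final List<Cidr> trusted;

    SuperuserSourceFilter(String superuser, List<Cidr> trusted) {
        this.superuser = superuser;
        this.trusted = trusted;
    }

    // claimedUser is whatever name the client sent (unauthenticated);
    // peer must be the accepted socket's remote address, never a client-supplied field.
    boolean allow(String claimedUser, InetAddress peer) {
        if (!superuser.equals(claimedUser)) return true; // ordinary users are not filtered here
        return trusted.stream().anyMatch(c -> c.contains(peer)); // empty list denies all superuser calls
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample values: superuser name, range and peers are made up.
        SuperuserSourceFilter f = new SuperuserSourceFilter("hadoop", List.of(Cidr.parse("10.20.0.0/16")));
        System.out.println(f.allow("hadoop", InetAddress.getByName("10.20.3.7")));   // peer inside range
        System.out.println(f.allow("hadoop", InetAddress.getByName("203.0.113.9"))); // peer outside range
        System.out.println(f.allow("alice", InetAddress.getByName("203.0.113.9")));  // not the superuser
    }
}
```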