Kihwal Lee created HDFS-11053:
---------------------------------
Summary: Unnecessary superuser check in versionRequest()
Key: HDFS-11053
URL: https://issues.apache.org/jira/browse/HDFS-11053
Project: Hadoop HDFS
Issue Type: Bug
Reporter: Kihwal Lee
The {{versionRequest()}} call does not return any sensitive information. It is
mainly used for sanity checks. The presence of {{checkSuperuserPrivilege()}}
forces users to run datanode as a hdfs superuser.
In secure setup, a keytab obtained from a compromised datanode can allow the
intruder to gain hdfs superuser privilege. We should allow datanodes to be run
as non-hdfs-superuser by removing {{checkSuperuserPrivilege()}} from
{{versionRequest()}}.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
