alfredo config should be in a file not readable by users
--------------------------------------------------------

Key: HADOOP-7621
URL: https://issues.apache.org/jira/browse/HADOOP-7621
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: 0.20.205.0, 0.23.0, 0.24.0
Reporter: Alejandro Abdelnur
Priority: Critical
Fix For: 0.20.205.0, 0.23.0, 0.24.0


[thanks ATM for pointing this one out]

The Alfredo configuration is currently stored in the core-site.xml file; this file is readable by users (it must be, as Configuration defaults must be loaded).

One of the Alfredo config values is a secret which is used by all nodes to sign/verify the authentication cookie.

A user could get hold of this secret and forge authentication cookies for other users.

Because of this, the Alfredo configuration should be moved to a file that is not readable by users.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
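
The check the report asks for, as an added example that is not part of the original message or of Hadoop's code: a loader that refuses a signing secret stored in a file other users can read, then signs and verifies a cookie with it. HMAC-SHA256, the `payload&s=mac` cookie layout and the file name `signature.secret` are assumptions made for illustration; the sample secret and user are constructed.

```python
import hashlib
import hmac
import os
import stat
import tempfile


def load_signing_secret(path):
    """Return the secret bytes, refusing a file that other users can access."""
    st = os.stat(path)
    if st.st_uid != os.geteuid():
        raise PermissionError(f"{path}: not owned by the service user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: mode {stat.S_IMODE(st.st_mode):o} "
                              "grants group/other access")
    with open(path, "rb") as fh:
        return fh.read().strip()


def sign(secret, payload):
    """Append a hex MAC to the payload (assumed layout: payload&s=mac)."""
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}&s={mac}"


def verify(secret, cookie):
    """Return the payload if the MAC matches under this secret, else None."""
    payload, _, mac = cookie.rpartition("&s=")
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest().encode()
    return payload if hmac.compare_digest(mac.encode(), expected) else None


def demo():
    """Constructed scenario: the same secret file under two permission modes."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "signature.secret")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"constructed-sample-secret\n")
        os.chmod(path, 0o644)  # world-readable, as core-site.xml must be
        try:
            load_signing_secret(path)
            rejected = False
        except PermissionError:
            rejected = True
        os.chmod(path, 0o600)  # readable by the service user only
        secret = load_signing_secret(path)
        cookie = sign(secret, "u=alice")
        return rejected, verify(secret, cookie), verify(b"guess", cookie)
```

The cookie only verifies under the secret that signed it, so the guarantee rests entirely on that file staying unreadable to ordinary users.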


  • Aaron T. Myers (JIRA) at Sep 21, 2011 at 7:07 pm
    [ https://issues.apache.org/jira/browse/HADOOP-7621?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Aaron T. Myers reopened HADOOP-7621:
    ------------------------------------

    Assignee: Aaron T. Myers (was: Alejandro Abdelnur)

    Reopening this for the branch-0.20-security back-port. Assigning it to me since Alejandro is going to be offline for a while.

    alfredo config should be in a file not readable by users
    --------------------------------------------------------

    Key: HADOOP-7621
    URL: https://issues.apache.org/jira/browse/HADOOP-7621
    Project: Hadoop Common
    Issue Type: Bug
    Components: security
    Affects Versions: 0.20.205.0, 0.23.0, 0.24.0
    Reporter: Alejandro Abdelnur
    Assignee: Aaron T. Myers
    Priority: Critical
    Fix For: 0.24.0

    Attachments: HADOOP-7621-branch-0.20-security.patch, HADOOP-7621.patch, HADOOP-7621.patch, HADOOP-7621.patch


  • Aaron T. Myers (JIRA) at Sep 21, 2011 at 8:05 pm
    [ https://issues.apache.org/jira/browse/HADOOP-7621?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

    Aaron T. Myers resolved HADOOP-7621.
    ------------------------------------

    Resolution: Fixed
    Fix Version/s: 0.20.206.0

    alfredo config should be in a file not readable by users
    --------------------------------------------------------

    Key: HADOOP-7621
    URL: https://issues.apache.org/jira/browse/HADOOP-7621
    Project: Hadoop Common
    Issue Type: Bug
    Components: security
    Affects Versions: 0.20.205.0, 0.23.0, 0.24.0
    Reporter: Alejandro Abdelnur
    Assignee: Aaron T. Myers
    Priority: Critical
    Fix For: 0.20.206.0, 0.24.0

    Attachments: HADOOP-7621-branch-0.20-security.patch, HADOOP-7621-branch-0.20-security.patch, HADOOP-7621.patch, HADOOP-7621.patch, HADOOP-7621.patch



Discussion Overview
group: common-dev @
categories: hadoop
posted: Sep 10, '11 at 1:03a
active: Sep 21, '11 at 8:05p
posts: 3
users: 1
website: hadoop.apache.org...
irc: #hadoop
