[
https://issues.apache.org/jira/browse/HADOOP-12888?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15185601#comment-15185601
]
Costin Leau commented on HADOOP-12888:
--------------------------------------
I went for debug:
1. to be consistent (similar to isSetsid
2. just like on windows on the other code paths, having these features
disabled, on the client, has no impact. On info they would simply add noise and
confusion in my opinion.
> HDFS client requires compromising permission when running under JVM security
> manager
> ------------------------------------------------------------------------------------
>
> Key: HADOOP-12888
> URL: https://issues.apache.org/jira/browse/HADOOP-12888
> Project: Hadoop Common
> Issue Type: Bug
> Components: security
> Affects Versions: 2.7.2
> Environment: Linux
> Reporter: Costin Leau
> Assignee: Costin Leau
> Labels: stevel-to-review
> Attachments: HADOOP-12888-001.patch, HADOOP-12888-002.patch,
> HADOOP-12888-003.patch
>
>
> HDFS _client_ requires dangerous permission, in particular _execute_ on _all
> files_ despite only trying to connect to an HDFS cluster.
> A full list (for both Hadoop 1 and 2) is available here along with the place
> in code where they occur.
> While it is understandable for some permissions to be used, requiring
> {{FilePermission <<ALL FILES>> execute}} to simply initialize a class field
> [Shell|https://github.com/apache/hadoop/blob/0fa54d45b1cf8a29f089f64d24f35bd221b4803f/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/Shell.java#L728]
> which in the end is not used (since it's just a client) simply *compromises*
> the entire security system.
> To make matters worse, the code is executed to initialize a field so in case
> the permissions is not granted, the VM fails with {{InitializationError}}
> which is unrecoverable.
> Ironically enough, on Windows this problem does not appear since the code
> simply bypasses it and initializes the field with a fall back value
> ({{false}}).
> A quick fix would be to simply take into account that the JVM
> {{SecurityManager}} might be active and the permission not granted or that
> the external process fails and use a fall back value.
> A proper and long-term fix would be to minimize the use of permissions for
> hdfs client since it is simply not required. A client should be as light as
> possible and not have the server requirements leaked onto.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
