How does Ranger HDFS plugin avoid reading tampered local policy cache file?

I modified (tampered with) a local policy file written by the Ranger HDFS Plugin to test against illegal or malicious operations, but the authorization rules did not change. For example:

1. user "ohide" cannot read /user/ohide

2. allow user "ohide" to read /user/ohide via Ranger

3. confirm user "ohide" can read /user/ohide

4. delete the entry added in step 2 from the local policy cache file on the NameNode host (where the Ranger HDFS Plugin is running)

5. try to read /user/ohide as user "ohide", and it succeeds.

I think this behavior is appropriate, but I do not know, and want to know, how it avoids reading a tampered policy cache file. Does anyone know the answer to my question?

1 ACCEPTED SOLUTION


Re: How does Ranger HDFS plugin avoid reading tampered local policy cache file?

The plugin connects to Ranger to get the updated policy file and writes it to a local file in case it has to restart. It doesn't monitor the local files for changes to reload them. Because why would it?

I assume if you stop Ranger (to make sure it cannot be contacted for an update) and then restart HDFS, it would take your changes. (Didn't try it, but sounds like a reasonable assumption.) Now, to exploit this you would need to force an HDFS restart and block access to Ranger, I suppose.

Now, how to stop people from tampering with it? Just make sure random people cannot become root or users from the hadoop group on your system. The policy cache files can only be written by the hive, ranger users etc. Once somebody is root on any node on the cluster you will have a hard time stopping anybody from doing things, esp. if they can log in to the master servers. On the client you still might have a chance.

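A defensive check that follows from this answer, as an added example that is not part of the original thread or of the Ranger project: the plugin will not notice a hand edit to its cache, so an operator who wants to detect one has to compare the file against a known-good copy and verify that only the service user can write it. The script below assumes the cache is a JSON document shaped like Ranger's ServicePolicies (`policies` -> `resources.path.values` and `policyItems` with `users`, `groups` and `accesses`); that field layout, the two sample documents and the baseline hash are all constructed for the example.

```python
"""Audit a Ranger plugin policy cache file for tampering.

Added example, not code from the thread or from Ranger. Assumptions:
the cache is JSON in the ServicePolicies layout described in the lead-in,
the baseline copy and its SHA-256 were recorded by the operator when the
file was known good, and the sample documents below are constructed.
"""
import hashlib
import json
import os
import stat
import tempfile

# Constructed sample: the cache as written after step 2 of the question
# (user "ohide" granted read and execute on /user/ohide).
BASELINE_CACHE = json.dumps({
    "serviceName": "hdfs_dev",
    "policyVersion": 7,
    "policies": [
        {"id": 1, "name": "ohide-home",
         "resources": {"path": {"values": ["/user/ohide"], "isRecursive": True}},
         "policyItems": [
             {"users": ["ohide"], "groups": [],
              "accesses": [{"type": "read", "isAllowed": True},
                           {"type": "execute", "isAllowed": True}]}]},
        {"id": 2, "name": "tmp-public",
         "resources": {"path": {"values": ["/tmp"], "isRecursive": True}},
         "policyItems": [
             {"users": [], "groups": ["public"],
              "accesses": [{"type": "read", "isAllowed": True}]}]},
    ]})

# Constructed sample: the same cache after step 4 (policy 1 deleted by hand).
# Note that a hand edit leaves policyVersion untouched, so the version
# field alone cannot reveal the change.
TAMPERED_CACHE = json.dumps({
    "serviceName": "hdfs_dev",
    "policyVersion": 7,
    "policies": [
        {"id": 2, "name": "tmp-public",
         "resources": {"path": {"values": ["/tmp"], "isRecursive": True}},
         "policyItems": [
             {"users": [], "groups": ["public"],
              "accesses": [{"type": "read", "isAllowed": True}]}]},
    ]})


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def grants(cache_text: str) -> set:
    """Flatten a policy document into (principal, path, access) allow grants."""
    out = set()
    for policy in json.loads(cache_text).get("policies", []):
        paths = policy.get("resources", {}).get("path", {}).get("values", [])
        for item in policy.get("policyItems", []):
            who = [f"user:{u}" for u in item.get("users", [])]
            who += [f"group:{g}" for g in item.get("groups", [])]
            for acc in item.get("accesses", []):
                if not acc.get("isAllowed", False):
                    continue
                out.update((p, path, acc["type"]) for p in who for path in paths)
    return out


def diff_grants(baseline_text: str, current_text: str) -> dict:
    """Grants present in the baseline but missing now, and vice versa."""
    base, cur = grants(baseline_text), grants(current_text)
    return {"removed": sorted(base - cur), "added": sorted(cur - base)}


def permission_findings(path: str, expected_uid: int) -> list:
    """Flag a cache file that the wrong parties could write."""
    st = os.stat(path)
    findings = []
    if st.st_uid != expected_uid:
        findings.append("unexpected-owner")
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings


def audit(cache_path: str, baseline_text: str, baseline_sha: str, expected_uid: int) -> dict:
    """Combine the ownership check with a hash compare and a grant-level diff."""
    with open(cache_path, "rb") as fh:
        raw = fh.read()
    report = {"permissions": permission_findings(cache_path, expected_uid),
              "hash_matches": sha256_of(raw) == baseline_sha}
    if not report["hash_matches"]:
        report["grant_diff"] = diff_grants(baseline_text, raw.decode())
    return report


def demo() -> dict:
    """Write the tampered sample to a temp file with loose permissions and audit it."""
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as fh:
        fh.write(TAMPERED_CACHE)
        path = fh.name
    os.chmod(path, 0o666)  # deliberately too permissive for the demo
    try:
        return audit(path, BASELINE_CACHE, sha256_of(BASELINE_CACHE.encode()), os.getuid())
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The grant-level diff is what makes the report actionable: a changed hash only says the file differs, while the diff names the exact (principal, path, access) entries that disappeared, which is the case the question describes. The permission findings back up the answer's advice that only the service user should be able to write the cache.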

2 REPLIES

Re: How does Ranger HDFS plugin avoid reading tampered local policy cache file?

@Benjamin Leonhardi

Thank you very much for your answer! I understood well!
