Skip to content

HADOOP-19925. Create a SECURITY.md file to define the security model#8562

Merged
steveloughran merged 14 commits into
apache:trunkfrom
steveloughran:security/HADOOP-19925-security-file
Jul 8, 2026
Merged

HADOOP-19925. Create a SECURITY.md file to define the security model#8562
steveloughran merged 14 commits into
apache:trunkfrom
steveloughran:security/HADOOP-19925-security-file

Conversation

@steveloughran

Copy link
Copy Markdown
Contributor

How was this patch tested?

Security model for hadoop, mostly for AI submissions

  • calls out that non-kerberos clusters are out of scope, job submission doesn't earn you an RCE CVE and more.
  • adds requirements on the submitter
  • "special topics" section at the end for corner cases we care about.
  • callout for third party dependencies to point people at when they ask for updates there.

For code changes:

  • Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
  • Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
  • If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

AI Tooling

If an AI tool was used:

+ AGENTS.md

Contains prose generated by claude
@github-actions github-actions Bot added the trunk label Jun 23, 2026
@steveloughran steveloughran force-pushed the security/HADOOP-19925-security-file branch from 862c1a5 to d1d1c5d Compare June 23, 2026 18:45
@hadoop-yetus

Copy link
Copy Markdown

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 12m 20s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+0 🆗 detsecrets 0m 0s detect-secrets was not available.
+0 🆗 markdownlint 0m 0s markdownlint was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
_ trunk Compile Tests _
+1 💚 mvninstall 45m 44s trunk passed
+1 💚 mvnsite 19m 19s trunk passed
+1 💚 shadedclient 93m 39s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 37m 50s the patch passed
-1 ❌ blanks 0m 0s /blanks-eol.txt The patch has 1 line(s) that end in blanks. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
+1 💚 mvnsite 19m 15s the patch passed
+1 💚 shadedclient 48m 0s patch has no errors when building and testing our client artifacts.
_ Other Tests _
+1 💚 asflicense 0m 46s The patch does not generate ASF License warnings.
194m 41s
Subsystem Report/Notes
Docker ClientAPI=1.55 ServerAPI=1.55 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8562/2/artifact/out/Dockerfile
GITHUB PR #8562
Optional Tests dupname asflicense mvnsite codespell detsecrets markdownlint
uname Linux 98346e3efb8b 5.15.0-181-generic #191-Ubuntu SMP Fri May 22 19:09:02 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision trunk / d1d1c5d
Max. process+thread count 612 (vs. ulimit of 10000)
modules C: . U: .
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8562/2/console
versions git=2.43.0 maven=3.9.15
Powered by Apache Yetus 0.14.1 https://yetus.apache.org

This message was automatically generated.

@hadoop-yetus

Copy link
Copy Markdown

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 12m 33s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+0 🆗 detsecrets 0m 0s detect-secrets was not available.
+0 🆗 markdownlint 0m 1s markdownlint was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
_ trunk Compile Tests _
+1 💚 mvninstall 46m 9s trunk passed
+1 💚 mvnsite 18m 58s trunk passed
+1 💚 shadedclient 94m 32s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 37m 27s the patch passed
-1 ❌ blanks 0m 0s /blanks-eol.txt The patch has 1 line(s) that end in blanks. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
+1 💚 mvnsite 18m 59s the patch passed
+1 💚 shadedclient 47m 34s patch has no errors when building and testing our client artifacts.
_ Other Tests _
+1 💚 asflicense 0m 45s The patch does not generate ASF License warnings.
195m 1s
Subsystem Report/Notes
Docker ClientAPI=1.55 ServerAPI=1.55 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8562/1/artifact/out/Dockerfile
GITHUB PR #8562
Optional Tests dupname asflicense mvnsite codespell detsecrets markdownlint
uname Linux 8aa31b7cc940 5.15.0-181-generic #191-Ubuntu SMP Fri May 22 19:09:02 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision trunk / d1d1c5d
Max. process+thread count 635 (vs. ulimit of 10000)
modules C: . U: .
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8562/1/console
versions git=2.43.0 maven=3.9.15
Powered by Apache Yetus 0.14.1 https://yetus.apache.org

This message was automatically generated.

@jzhuge jzhuge left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well done

Comment thread AGENTS.md Outdated
Comment on lines +2 to +15
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would use use a SPDX-License-Identifier: Apache-2.0 line here to minimize the tokens ingested by AI agents and prevent their context being “polluted” with the license terms instead of what they should do.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

these files are allowed to have no license header

https://www.apache.org/legal/src-headers.html#faq-exceptions

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i've added the spdx header and then got rat to exclude the files; it'll need a rat upgrade to be aware of the headers

Comment thread SECURITY.md
Comment on lines +90 to +92
Report security vulnerabilities in Apache Hadoop privately to
**security@hadoop.apache.org**. Do **not** open a public JIRA issue, GitHub
issue, or pull request for an unfixed vulnerability.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you should add:

Do not cc any other @hadoop.apache.org address: these are public mailing lists.

We have seen an insurgence of security reports sent “by mistake” to a public mailing list.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

Comment thread SECURITY.md
it has been merged to.
3. If it hasn't been merged, look at why and get involved: major work is likely to be
needed.
4. If there isn't an issue, create one and start work on the PR!

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Concerning CVEs in dependencies, please also review apache/security-site#63, which will update the Security Team page: https://security.apache.org/report-dependency/

The two descriptions should be aligned. What we ask from users is not to bother projects sending:

  • Information that a vulnerability is present: everybody knows this,
  • PRs that just upgrade a dependency: Dependabot can do this.

What we ask from user is to:

  • Check the exploitability of the vulnerability and depending on the result either:
    • Publicly tell the project the vulnerability is not exploitable: you should provide guidance on how to do that,
    • Privately tell the project the vulnerability is exploitable and describe the impact the vulnerability has on Hadoop (“PoC or GTFO”).

Since Hadoop is known from shading dependencies, it might be useful to specify that only two kinds of dependencies matter:

  • Those shipped in a Hadoop binary distribution,
  • Those shaded in a Hadoop library.

The rest is irrelevant: Hadoop will not make a new release for a vulnerability in the transitive hull of its Maven dependencies, if that vulnerability is not shipped by any Hadoop artifact and does not require any changes in Hadoop code.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For CVEs in deps, you might consider a page like this: https://solr.apache.org/vex.html

Solr uses a Pellican plugin to generate both the web page and a VEX file from the same source files.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, vex is something to think about

Comment thread SECURITY.md
Preventing logging of these is best-effort.


## Development and CI Threat Model

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reporting rules should be different for these ones. Reporters should e-mail security@infra.apache.org and only Cc security@hadoop.apache.org.

If the threat is credible, INFRA will disable the affected workflow and notify the project.

@steveloughran

Copy link
Copy Markdown
Contributor Author
looking at interesting third party disclosure docs to see what can be lifted

https://github.com/curl/curl/blob/master/docs/VULN-DISCLOSURE-POLICY.md

I like how the introduction must be human generated text.

I think we should add memory and thread leaks to special topics (or other resource consumption)

  • those which hurt long-running processes: bugs
  • resource consumption on services which could be initiated by a lower privileged remote caller and grow rapidly shall be considered CVEs

Also

  • Native code?
  • tls/openssl algorithms "out of scope as third party lib)

Client side resilience to malicious services

  • clients are expected to be well configured (need to call this out) to talk to correct service endpoints, including any web proxies. Lack of resilience to malformed responses SHALL be considered bugs, not CVEs. + Mention how this applies to cloud storage services, ftp, http urls too.

test code

Bugs except when secrets are logged or if it is possible for malicious code to be executed in CI/CD workflows.

handling workflow

  • define the handling process, including links to asf workflow
  • Support calls: reject
  • ai reports: AI triage before human review/reject.
  • human reports: human + AI triage

Downgrade to bug

  • invite submitter to provide pr, create issue, etc, if it is simple
  • complex bugs, expect dev team work
  • bugs get attention with all other work.
  • fix on trunk, backport to supported if not too hard

Accepted vulnerability

  • asf process

CVE scoring: explain why more ruthless than AI. Recognise desire for recognition but that if we don't consider it that important in a well configured production system, it gets a low score. Especially

  • never web/internet facing
  • logs SHOULD be kept private
  • well configured requirement

- review comments, especially on notification process
- new special topics: concurrency, native code, resources, tls, tests
- declare admins, dns, cloud service providers and the network rules as trusted.
@github-actions github-actions Bot added the build label Jun 24, 2026
@steveloughran

Copy link
Copy Markdown
Contributor Author

updated; more special topics and more things we trust (DNS, AWS, admins)

Interesting enumerating what we have to pull inside that trust boundary, especially in cloud deployments.

I should probably put NTP in there too, as I think kerberos depends on time to an extent, doesn't it? or at least zookeeper does.

more trusted components
- kerberos KDCs and cluster clock sync
- cloud hosted hardware; any h/w attacks are out of scope.
Comment thread SECURITY.md Outdated
Comment thread SECURITY.md
credentials or other secrets provided to CI runs is therefore in scope.
- GitHub Actions hardening:
- Actions *MUST* be pinned by commit SHA (with the version as a comment so
Dependabot can track them), not by tag.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

over strict? it should be fine since we are only allowed to use approved Actions https://github.com/apache/infrastructure-actions

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

using the sha lets dependabot manage the version updating; been doing this with cloudstore and it works well

- emphasise on the client we trust os, user, admin, config and cli
- and everywhere we trust the classpath not to have malicious classes.
  if you can add classes, that's the vulnerability.
Comment thread SECURITY.md

In addition, the submitter of an AI-generated report is

1. REQUIRED to understand what Hadoop is, to understand the claimed vulnerability,

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that this is a tall ask because it's essentially asking the Hadoop PMC and security@ to subject the report to a Turing Test on submission. I understand the spirit of this bullet but making it REQUIRED without a reasonably objective evaluation method strikes me as unrealistic.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

well how you describe it, where goal is "submitter understands hadoop well enough to identify a real CVE or even recognise when a cluster has been deployed without security enabled and so not within our threat model

Comment thread SECURITY.md
scores. If the submitter is unable to do this, then any credit for a resulting
CVE will be assigned to the AI tool alone, and not to the submitter.

2. MUST declare the AI tool used, and be willing to provide the log.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is better than the previous language but I'm not sure what the session log actually gets us here. The whole LLM experience is a massive RNG, it's not reproducible by design. Maybe it could be used to inspect the simulated reasoning for faults, but that seems like it's beyond the scope of the PMC's transactional obligations for accepting or refuting a finding.

Could be interesting for a post-analysis paper though, if submitters are willing to play along.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

exactly. it's good to get some collaboration here. CVE reporting is going to change with AI, at both ends.

Comment thread SECURITY.md
The log is a key part of AI tool reports, and we need to be able to track/replicate these.

*Unverified LLM-generated reports waste maintainer time and will be closed
without further response.*

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might as well give this teeth. Add a note here about repeat offenders being banned for a period of time, say, 6 months?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added the threat, left time window unspecified

Comment thread SECURITY.md
Comment thread SECURITY.md
valid and to be writable only by trusted administrators. If an attacker can
manipulate the site configuration, the game is already over — that is out of
scope.
- **The classpath is trusted.** We expect no malicious JAR files to be on the classpath.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That said, we should include an allowlist filters on classes loaded dynamically from the classpath, if we do not already.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to late for that I am afraid

Comment thread SECURITY.md
- All inputs from external pull requests — titles, comments, author metadata, and
code — *SHALL* be considered untrusted, and *MUST NOT* be fed directly or
indirectly to shell commands without sanitization.
- Upstream dependencies from non-ASF projects *MAY* be subverted by supply-chain

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this cooldown policy further specified elsewhere?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not yet, I think it should really be an asf enforced policy

@steveloughran

Copy link
Copy Markdown
Contributor Author

@ndimiduk w.r.t allow lists, I've only come across the jvm-wide ability to restrict classes to deserialize. Spark etc should ship set up to block all the extant exploits and be easy to extend against new ones if they ever surface.

@hadoop-yetus

Copy link
Copy Markdown

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 0s Docker mode activated.
-1 ❌ patch 0m 28s #8562 does not apply to trunk. Rebase required? Wrong Branch? See https://cwiki.apache.org/confluence/display/HADOOP/How+To+Contribute for help.
Subsystem Report/Notes
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8562/8/console
versions git=2.34.1
Powered by Apache Yetus 0.14.1 https://yetus.apache.org

This message was automatically generated.

Comment thread SECURITY.md
A valid report includes:

- The Hadoop version, and ideally the git SHA it was reproduced against.
- The exact steps, configuration, and commands used to reproduce it.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just suggest to add some environments info such as OS and Java version etc.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • your github and cloud credentials :) (just to see if the AI tools read that)

Comment thread SECURITY.md
for which lines are currently maintained. A report MUST be reproducible against a
maintained release or the current `trunk` branch.

## The Hadoop Threat Model

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about also post this part to hadoop.apache.org as Hadoop Security after check in?

- we trust javac, gcc and the docker images
  (fun enuming this list)
- highlight token identifiers are critical and we care here

@Hexiaoqiao Hexiaoqiao left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. +1.

+ reorder into alphabetical order
+ lift bit from ASF policy which says we can make it public.
@hadoop-yetus

Copy link
Copy Markdown

💔 -1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 34s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+0 🆗 detsecrets 0m 0s detect-secrets was not available.
+0 🆗 markdownlint 0m 0s markdownlint was not available.
+0 🆗 xmllint 0m 1s xmllint was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
-1 ❌ test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
_ trunk Compile Tests _
+1 💚 mvninstall 41m 19s trunk passed
+1 💚 compile 16m 18s trunk passed with JDK Ubuntu-21.0.11+10-1-24.04.2-Ubuntu
+1 💚 compile 16m 30s trunk passed with JDK Ubuntu-17.0.19+10-1-24.04.2-Ubuntu
+1 💚 mvnsite 18m 25s trunk passed
+1 💚 javadoc 9m 56s trunk passed with JDK Ubuntu-21.0.11+10-1-24.04.2-Ubuntu
+1 💚 javadoc 9m 34s trunk passed with JDK Ubuntu-17.0.19+10-1-24.04.2-Ubuntu
+1 💚 shadedclient 140m 42s branch has no errors when building and testing our client artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 36m 15s the patch passed
+1 💚 compile 16m 14s the patch passed with JDK Ubuntu-21.0.11+10-1-24.04.2-Ubuntu
+1 💚 javac 16m 14s the patch passed
+1 💚 compile 16m 43s the patch passed with JDK Ubuntu-17.0.19+10-1-24.04.2-Ubuntu
+1 💚 javac 16m 43s the patch passed
-1 ❌ blanks 0m 0s /blanks-eol.txt The patch has 4 line(s) that end in blanks. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
+1 💚 mvnsite 18m 7s the patch passed
+1 💚 javadoc 9m 53s the patch passed with JDK Ubuntu-21.0.11+10-1-24.04.2-Ubuntu
+1 💚 javadoc 9m 41s the patch passed with JDK Ubuntu-17.0.19+10-1-24.04.2-Ubuntu
+1 💚 shadedclient 67m 33s patch has no errors when building and testing our client artifacts.
_ Other Tests _
-1 ❌ unit 534m 7s /patch-unit-root.txt root in the patch failed.
+1 💚 asflicense 1m 33s The patch does not generate ASF License warnings.
816m 17s
Reason Tests
Failed junit tests hadoop.yarn.applications.distributedshell.TestDSWithMultipleNodeManager
hadoop.yarn.applications.distributedshell.TestDSTimelineV10
hadoop.yarn.server.router.webapp.TestFederationWebApp
hadoop.yarn.server.router.webapp.TestRouterWebServicesREST
hadoop.yarn.server.nodemanager.containermanager.logaggregation.TestLogAggregationService
Subsystem Report/Notes
Docker ClientAPI=1.55 ServerAPI=1.55 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8562/13/artifact/out/Dockerfile
GITHUB PR #8562
Optional Tests dupname asflicense mvnsite codespell detsecrets markdownlint compile javac javadoc mvninstall unit shadedclient xmllint
uname Linux be211390ebe1 5.15.0-181-generic #191-Ubuntu SMP Fri May 22 19:09:02 UTC 2026 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/bin/hadoop.sh
git revision trunk / 7db3771
Default Java Ubuntu-17.0.19+10-1-24.04.2-Ubuntu
Multi-JDK versions /usr/lib/jvm/java-21-openjdk-amd64:Ubuntu-21.0.11+10-1-24.04.2-Ubuntu /usr/lib/jvm/java-17-openjdk-amd64:Ubuntu-17.0.19+10-1-24.04.2-Ubuntu
Test Results https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8562/13/testReport/
Max. process+thread count 3404 (vs. ulimit of 10000)
modules C: . U: .
Console output https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-8562/13/console
versions git=2.43.0 maven=3.9.15
Powered by Apache Yetus 0.14.1 https://yetus.apache.org

This message was automatically generated.

@steveloughran steveloughran merged commit 2fd406b into apache:trunk Jul 8, 2026
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

7 participants