drill-issues mailing list archives

From "Steven Phillips (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-3820) Nested Directories : Metadata Cache in a directory stores information from sub-directories as well creating security issues
Date Fri, 02 Oct 2015 20:47:26 GMT

    [ https://issues.apache.org/jira/browse/DRILL-3820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14941735#comment-14941735 ]

Steven Phillips commented on DRILL-3820:
----------------------------------------

My initial thought was to simply set the permissions to 700 for the metadata file. But that
would cause problems when there is impersonation, as the impersonated user would not be able
to read the metadata file.

I actually think the best approach is to have the REFRESH command run as the user who gave
the command, not the drill process user. That way, only a user who has permission to read
all of the subdirectories and files, as well as write to all of the directories, will be able
to run the REFRESH command. The metadata file should have the same owner and permissions as
the directory it is placed in. It should be documented that running this command will expose
some amount of metadata in all underlying directories to anyone who has permission to read
the top level directory.

This will at the very least prevent someone from exploiting the REFRESH command in order to
access metadata in a directory that they don't have permission to read.

> Nested Directories : Metadata Cache in a directory stores information from sub-directories as well creating security issues
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DRILL-3820
>                 URL: https://issues.apache.org/jira/browse/DRILL-3820
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Metadata
>            Reporter: Rahul Challapalli
>            Assignee: Steven Phillips
>            Priority: Critical
>             Fix For: 1.2.0
>
>
> git.commit.id.abbrev=3c89b30
> User A has access to lineitem folder and its subfolders
> User B has access to lineitem folder but not its sub-folders.
> Now when User A runs the "refresh table metadata lineitem" command, the cache file gets created under lineitem folder. This file contains information from the underlying sub-directories as well.
> Now User B can download this file and get access to information which he should not be seeing in the first place.
> This can be very easily reproducible if impersonation is enabled on the cluster.
> Let me know if you need more information to reproduce this issue



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
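The rule proposed in the comment above (run REFRESH as the requesting user, allow it only if that user can read every file and directory under the table root and write every directory, give the cache file the owner and permissions of the directory it lands in, and document that the cache still exposes sub-directory metadata to anyone who can read the top-level directory) can be modelled without a cluster. The following is an added example, not Drill's own code: a small POSIX permission model over a constructed directory tree mirroring the report (lineitem world-readable, its sub-directory private to userA). The entries, user names and groups are constructed; the cache file name is assumed to be Drill's `.drill.parquet_metadata`, and clearing the execute bits on the cache file is this example's choice rather than something the comment specifies.

```python
# Added example (not Apache Drill code): a model of the REFRESH permission rule
# proposed in DRILL-3820. Tree entries, users and groups are constructed.
import posixpath
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str      # POSIX-style path relative to the model's filesystem root
    owner: str
    group: str
    mode: int      # permission bits only, e.g. 0o750
    is_dir: bool


R, W, X = 4, 2, 1


def perm_bits(entry, user, groups):
    """POSIX class selection: owner bits if owner, else group bits if member, else other."""
    if user == entry.owner:
        return (entry.mode >> 6) & 7
    if entry.group in groups:
        return (entry.mode >> 3) & 7
    return entry.mode & 7


def has(entry, user, groups, bit):
    return bool(perm_bits(entry, user, groups) & bit)


def ancestors(path):
    """Yield every proper ancestor of path ('a/b/c' -> 'a/b', 'a')."""
    parent = posixpath.dirname(path)
    while parent:
        yield parent
        parent = posixpath.dirname(parent)


def can_reach(tree, path, user, groups):
    """True if user can read `path` and search (x) every ancestor directory in the tree."""
    if not has(tree[path], user, groups, R):
        return False
    return all(has(tree[a], user, groups, X) for a in ancestors(path) if a in tree)


def subtree(tree, root):
    return [e for p, e in sorted(tree.items()) if p == root or p.startswith(root + "/")]


def refresh_blockers(tree, root, user, groups):
    """Paths that stop `user` from running REFRESH TABLE METADATA on `root` when the
    command runs as that user: directories need read+search+write (a cache file is
    written into each), files need read. An empty list means the refresh may run."""
    blockers = []
    for e in subtree(tree, root):
        if not can_reach(tree, e.path, user, groups):
            blockers.append(e.path)
        elif e.is_dir and not (has(e, user, groups, W) and has(e, user, groups, X)):
            blockers.append(e.path)
    return blockers


def cache_file_attrs(tree, directory):
    """Owner, group and mode for the cache file placed in `directory`: same owner
    and group, same permission bits minus execute (dropping x is this example's choice)."""
    d = tree[directory]
    return d.owner, d.group, d.mode & ~(stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)


def cache_paths(tree, root):
    """Paths recorded in a cache written at `root`: everything beneath the root."""
    return [e.path for e in subtree(tree, root) if e.path != root]


def leaked_paths(tree, root, user, groups):
    """Paths the cache at `root` lists that `user` cannot reach directly but can learn
    by reading the cache file: the exposure the comment says must be documented."""
    owner, group, mode = cache_file_attrs(tree, root)
    cache = Entry(root + "/.drill.parquet_metadata", owner, group, mode, False)  # assumed name
    probe = dict(tree)
    probe[cache.path] = cache
    if not can_reach(probe, cache.path, user, groups):
        return []
    return [p for p in cache_paths(tree, root) if not can_reach(tree, p, user, groups)]


# Constructed scenario from the report: lineitem is world-readable,
# its sub-directory and data file are private to userA.
TREE = {e.path: e for e in [
    Entry("lineitem", "userA", "analysts", 0o755, True),
    Entry("lineitem/2015", "userA", "analysts", 0o700, True),
    Entry("lineitem/2015/part-0.parquet", "userA", "analysts", 0o600, False),
]}

if __name__ == "__main__":
    print("userA blockers:", refresh_blockers(TREE, "lineitem", "userA", {"analysts"}))
    print("userB blockers:", refresh_blockers(TREE, "lineitem", "userB", set()))
    print("cache attrs:", cache_file_attrs(TREE, "lineitem"))
    print("userB learns from cache:", leaked_paths(TREE, "lineitem", "userB", set()))
```

With these inputs userA may refresh, userB is refused on all three paths (no write on lineitem, no read below it), the cache file inherits userA/analysts with mode 0644, and `leaked_paths` shows the residual exposure the comment asks to document: once userA has refreshed, userB can read the cache and learn the two paths under lineitem/2015 that the filesystem would otherwise hide.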
