drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rahul Challapalli (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-3820) Nested Directories : Metadata Cache in a directory stores information from sub-directories as well creating security issues
Date Fri, 02 Oct 2015 21:41:27 GMT

    [ https://issues.apache.org/jira/browse/DRILL-3820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14941814#comment-14941814
] 

Rahul Challapalli commented on DRILL-3820:
------------------------------------------

Why not read and write both as the drillbit process user even with impersonation?

> Nested Directories : Metadata Cache in a directory stores information from sub-directories
as well creating security issues
> ---------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DRILL-3820
>                 URL: https://issues.apache.org/jira/browse/DRILL-3820
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Metadata
>            Reporter: Rahul Challapalli
>            Assignee: Steven Phillips
>            Priority: Critical
>             Fix For: 1.2.0
>
>
> git.commit.id.abbrev=3c89b30
> User A has access to lineitem folder and its subfolders
> User B had access to lineitem folder but not its sub-folders.
> Now when User A runs the "refresh table metadata lineitem" command, the cache file gets
created under lineitem folder. This file contains information from the underlying sub-directories
as well.
> Now User B can download this file and get access to information which he should not be
seeing in the first place.
> This can be very easily reproducible if impersonation is enabled on the cluster.
> Let me know if you need more information to reproduce this issue



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message