drill-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-5582) [Threat Modeling] Drillbit may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Drillbit
Date Wed, 18 Oct 2017 05:15:04 GMT

    [ https://issues.apache.org/jira/browse/DRILL-5582?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16208823#comment-16208823 ]

ASF GitHub Bot commented on DRILL-5582:
---------------------------------------

Github user parthchandra commented on a diff in the pull request:

    https://github.com/apache/drill/pull/997#discussion_r145317288
  
    --- Diff: contrib/native/client/src/clientlib/drillClientImpl.cpp ---
    @@ -595,6 +611,12 @@ connectionStatus_t DrillClientImpl::validateHandshake(DrillUserProperties*
prope
     
         switch(this->m_handshakeStatus) {
             case exec::user::SUCCESS:
    +            // Check if client needs auth/encryption and server is not requiring it
    +            if(clientNeedsAuthentication(properties) || clientNeedsEncryption(properties))
{
    --- End diff --
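
Review bot: In the added `if` under `case exec::user::SUCCESS:`, `properties` is a pointer parameter (`DrillUserProperties*`) passed to both `clientNeedsAuthentication` and `clientNeedsEncryption`, and no null check is visible in this hunk. Confirm that both helpers tolerate a null `properties`, or guard the condition, so a client that connects without properties does not fault on the handshake path. The added comment could also say that `SUCCESS` here means the server completed the handshake without asking for authentication, which is why the client-side requirement has to be enforced at this point.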
    
    Generally, all error messages come from errmsgs.cpp so we can localize them when we need to.


> [Threat Modeling] Drillbit may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Drillbit
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DRILL-5582
>                 URL: https://issues.apache.org/jira/browse/DRILL-5582
>             Project: Apache Drill
>          Issue Type: Bug
>    Affects Versions: 1.10.0
>            Reporter: Rob Wu
>            Assignee: Sorabh Hamirwasia
>            Priority: Minor
>              Labels: doc-impacting
>             Fix For: 1.12.0
>
>
> *Consider the scenario:*
> Alice has a drillbit (my.drillbit.co) with plain and Kerberos authentication enabled containing important data. Bob, the attacker, attempts to spoof the connection and redirect it to his own drillbit (fake.drillbit.co) with no authentication setup.
> When Alice is under attack and attempts to connect to her secure drillbit, she is actually authenticating against Bob's drillbit. At this point, the connection should have failed due to unmatched configuration. However, the current implementation will return SUCCESS as long as the (spoofing) drillbit has no authentication requirement set.
> Currently, the drillbit <-  to  -> drill client connection accepts the lowest authentication configuration set on the server. This leaves unsuspecting users vulnerable to spoofing.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
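
The downgrade described in the issue above, as an added example that is not part of the original message or of Drill's code: a handshake check that accepts whatever the peer requires, beside one that enforces the client's own policy. All type and function names are hypothetical, and the model assumes encryption is only negotiated as part of authentication.

```cpp
#include <cstdio>

// Hypothetical types for illustration; these are not Drill's client API.
enum class ServerStatus { SUCCESS, AUTH_REQUIRED, AUTH_FAILED };
enum class ConnectResult { OK, PROCEED_TO_AUTH, ERR_AUTH_DOWNGRADE, ERR_ENC_DOWNGRADE, ERR_HANDSHAKE };

struct ClientPolicy {      // what the user configured on the client side
    bool needsAuth;        // credentials or an auth mechanism were supplied
    bool needsEncryption;  // an encrypted channel was requested
};
struct ServerHandshake {   // what the peer answered in the handshake
    ServerStatus status;
    bool encryptionOffered;
};

// Behaviour described in the issue: SUCCESS from the peer is accepted as-is.
ConnectResult legacyValidate(const ClientPolicy&, const ServerHandshake& s) {
    if (s.status == ServerStatus::SUCCESS) return ConnectResult::OK;
    if (s.status == ServerStatus::AUTH_REQUIRED) return ConnectResult::PROCEED_TO_AUTH;
    return ConnectResult::ERR_HANDSHAKE;
}

// Hardened: the client's own policy decides, not the weakest setting the peer accepts.
ConnectResult strictValidate(const ClientPolicy& c, const ServerHandshake& s) {
    switch (s.status) {
    case ServerStatus::SUCCESS:
        // Assumption: SUCCESS means the peer asked for no authentication, and
        // encryption is only negotiated as part of authentication.
        if (c.needsAuth) return ConnectResult::ERR_AUTH_DOWNGRADE;
        if (c.needsEncryption) return ConnectResult::ERR_ENC_DOWNGRADE;
        return ConnectResult::OK;
    case ServerStatus::AUTH_REQUIRED:
        if (c.needsEncryption && !s.encryptionOffered)
            return ConnectResult::ERR_ENC_DOWNGRADE;
        return ConnectResult::PROCEED_TO_AUTH;
    default:
        return ConnectResult::ERR_HANDSHAKE;
    }
}

int main() {
    // Constructed scenario from the issue: Alice requires auth, the peer requires none.
    ClientPolicy alice{true, false};
    ServerHandshake unauthenticatedPeer{ServerStatus::SUCCESS, false};
    std::printf("legacy=%d strict=%d\n",
                static_cast<int>(legacyValidate(alice, unauthenticatedPeer)),
                static_cast<int>(strictValidate(alice, unauthenticatedPeer)));
    return 0;
}
```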
