drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-5964) Do not allow queries to access paths outside the current workspace root
Date Tue, 28 Nov 2017 09:36:00 GMT

    [ https://issues.apache.org/jira/browse/DRILL-5964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16268450#comment-16268450
] 

ASF GitHub Bot commented on DRILL-5964:
---------------------------------------

Github user arina-ielchiieva commented on a diff in the pull request:

    https://github.com/apache/drill/pull/1050#discussion_r153436976
  
    --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/store/dfs/WorkspaceConfig.java
---
    @@ -30,18 +30,24 @@
     public class WorkspaceConfig {
     
       /** Default workspace is a root directory which supports read, but not write. */
    -  public static final WorkspaceConfig DEFAULT = new WorkspaceConfig("/", false, null);
    +  public static final WorkspaceConfig DEFAULT = new WorkspaceConfig("/", false, null,
false);
     
       private final String location;
       private final boolean writable;
       private final String defaultInputFormat;
    -
    +  private final Boolean allowAccessOutsideWorkspace; // allow access outside the workspace
by default. This
    --- End diff --
    
    1. Can we adjust the variable to be false by default, i.e. rename it to `disallowAccessOutsideWorkspace`?
Thus we'll be able to use primitive, right?
    2. In the below code you always set `this.allowAccessOutsideWorkspace = true;`, block
with `this.allowAccessOutsideWorkspace = allowAccessOutsideWorkspace != null ? allowAccessOutsideWorkspace
: false ;` is commented. I guess this is a mistake.


> Do not allow queries to access paths outside the current workspace root
> -----------------------------------------------------------------------
>
>                 Key: DRILL-5964
>                 URL: https://issues.apache.org/jira/browse/DRILL-5964
>             Project: Apache Drill
>          Issue Type: Improvement
>    Affects Versions: 1.11.0
>            Reporter: Parth Chandra
>            Assignee: Parth Chandra
>              Labels: doc-impacting
>
> Workspace definitions in the dfs plugin are intended to provide a convenient shortcut
to long directory paths. However, some users may wish to disallow access to paths outside
the root of the workspace, possibly to prevent accidental access. Note that this is a convenience
option and not a substitute for permissions on the file system.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message