Date: Mon, 27 Nov 2017 22:04:00 +0000 (UTC)
From: "ASF GitHub Bot (JIRA)"
To: issues@drill.apache.org
Subject: [jira] [Commented] (DRILL-5964) Do not allow queries to access paths outside the current workspace root

[ https://issues.apache.org/jira/browse/DRILL-5964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16267671#comment-16267671 ]

ASF GitHub Bot commented on DRILL-5964:
---------------------------------------

Github user arina-ielchiieva commented on a diff in the pull request:

    https://github.com/apache/drill/pull/1050#discussion_r153337275

--- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/store/dfs/WorkspaceConfig.java ---
@@ -30,18 +30,25 @@ public class WorkspaceConfig { /** Default workspace is a root directory which supports read, but not write. */ - public static final WorkspaceConfig DEFAULT = new WorkspaceConfig("/", false, null); + public static final WorkspaceConfig DEFAULT = new WorkspaceConfig("/", false, null, false); private final String location; private final boolean writable; private final String defaultInputFormat; - + private final Boolean allowAccessOutsideWorkspace; // allow access outside the workspace by default. This + // field is a Boolean (not boolean) so that we can + // assign a default value if it is not defined in a + // storage plugin config public WorkspaceConfig(@JsonProperty("location") String location, @JsonProperty("writable") boolean writable, - @JsonProperty("defaultInputFormat") String defaultInputFormat) { + @JsonProperty("defaultInputFormat") String defaultInputFormat, + @JsonProperty("allowAccessOutsideWorkspace") Boolean allowAccessOutsideWorkspace + ) { this.location = location; this.writable = writable; this.defaultInputFormat = defaultInputFormat; + //this.allowAccessOutsideWorkspace = allowAccessOutsideWorkspace != null ? allowAccessOutsideWorkspace : false ; + this.allowAccessOutsideWorkspace = true; --- End diff -- It seems we should not always set true... > Do not allow queries to access paths outside the current workspace root > ----------------------------------------------------------------------- > > Key: DRILL-5964 > URL: https://issues.apache.org/jira/browse/DRILL-5964 > Project: Apache Drill > Issue Type: Improvement > Affects Versions: 1.11.0 > Reporter: Parth Chandra > Assignee: Parth Chandra > Labels: doc-impacting > > Workspace definitions in the dfs plugin are intended to provide a convenient shortcut to long directory paths. However, some users may wish to disallow access to paths outside the root of the workspace, possibly to prevent accidental access. 
Note that this is a convenience option and not a substitute for permissions on the file system.
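Review bot: The last added line of the constructor, `this.allowAccessOutsideWorkspace = true;`, discards the `allowAccessOutsideWorkspace` JSON property, so a workspace configured with `false` still allows access outside its root, and the `false` now passed as the fourth argument to `DEFAULT` has no effect. The commented-out line directly above it already carries the null-defaulting logic that the `Boolean` (not `boolean`) field type was introduced for; restore that assignment and remove the hard-coded one, rather than committing commented-out code. While doing so, reconcile the default: the field comment says access outside the workspace is allowed by default, but the commented-out expression falls back to `false` when the property is absent from the storage plugin config, so either the comment or the fallback value needs to change.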