hadoop-common-issues mailing list archives

From "Arun Suresh (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9984) FileSystem#globStatus and FileSystem#listStatus should resolve symlinks by default
Date Tue, 12 May 2015 20:28:03 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14540644#comment-14540644 ]

Arun Suresh commented on HADOOP-9984:
-------------------------------------

Apologize for chiming in late..

From a Hive/Sentry perspective, the following could be a security issue:

In the situation where Hive impersonation is turned off, an external table might be created
(say, located at {{/external/foo}}) to ingest data from an external source. Read and Write
ACLs are generally granted to those table directories via Sentry or possibly even Hive auth...
let's say a user/group {{bar}} is NOT granted access to that table. It is possible for the
hive user to create a symlink from the above {{foo}} table or a contained partition directory
to another table directory for which {{bar}} has read access. Since Hive does not perform
symlink resolution while accessing table data, technically {{bar}} will now be able to read
data written to {{foo}}.

Does this make sense?


> FileSystem#globStatus and FileSystem#listStatus should resolve symlinks by default
> ----------------------------------------------------------------------------------
>
>                 Key: HADOOP-9984
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9984
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs
>    Affects Versions: 2.1.0-beta
>            Reporter: Colin Patrick McCabe
>            Assignee: Colin Patrick McCabe
>            Priority: Critical
>              Labels: BB2015-05-TBR
>         Attachments: HADOOP-9984.001.patch, HADOOP-9984.003.patch, HADOOP-9984.005.patch, HADOOP-9984.007.patch, HADOOP-9984.009.patch, HADOOP-9984.010.patch, HADOOP-9984.011.patch, HADOOP-9984.012.patch, HADOOP-9984.013.patch, HADOOP-9984.014.patch, HADOOP-9984.015.patch
>
>
> During the process of adding symlink support to FileSystem, we realized that many existing HDFS clients would be broken by listStatus and globStatus returning symlinks.  One example is applications that assume that !FileStatus#isFile implies that the inode is a directory. As we discussed in HADOOP-9972 and HADOOP-9912, we should default these APIs to returning resolved paths.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
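
The scenario in the comment above, as an added example that is not part of the original message and is not Hadoop, Hive or Sentry code: an in-memory model of path-prefix read grants that audits a table path by comparing who may read it as named with who may read the location it resolves to. The grant table, the `etl` group, the `/warehouse/shared` path and all function names are constructed for illustration; symlink targets are assumed to be absolute, normalized paths.

```python
import posixpath

# Constructed sample state modelling the scenario: a partition of the
# restricted table foo is a symlink into a directory that bar may read.
SYMLINKS = {"/external/foo/part=1": "/warehouse/shared/in"}  # link -> target
READ_GRANTS = {  # path prefix -> groups with read access (bar has none on foo)
    "/external/foo": {"etl"},
    "/warehouse/shared": {"etl", "bar"},
}

def resolve(path, symlinks=SYMLINKS, max_hops=32):
    """Follow symlinks component by component and return the real path."""
    hops = 0
    done, todo = "/", [p for p in path.split("/") if p]
    while todo:
        cur = posixpath.join(done, todo.pop(0))
        if cur in symlinks:
            hops += 1
            if hops > max_hops:  # guard against symlink loops
                raise OSError("too many levels of symbolic links")
            # Restart from the (absolute) target, keeping the unread suffix.
            done, todo = "/", [p for p in symlinks[cur].split("/") if p] + todo
        else:
            done = cur
    return done

def governing_prefix(path, grants=READ_GRANTS):
    """Longest grant prefix that covers path, or None if nothing covers it."""
    hits = [p for p in grants if path == p or path.startswith(p + "/")]
    return max(hits, key=len) if hits else None

def readers(path, grants=READ_GRANTS):
    """Groups allowed to read path under prefix-based grants."""
    prefix = governing_prefix(path, grants)
    return set(grants[prefix]) if prefix else set()

def audit_table_path(path):
    """Report groups that can read the data where it really lives
    but were never granted read on the path as the table names it."""
    real = resolve(path)
    extra = readers(real) - readers(path)
    return {"path": path, "resolved": real, "unintended_readers": sorted(extra)}

if __name__ == "__main__":
    for p in ("/external/foo/part=1/data.orc", "/external/foo/part=2/data.orc"):
        print(audit_table_path(p))
```

A non-empty `unintended_readers` list marks a table or partition location whose data is governed by a different grant than the one attached to the table path.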
