hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4434) Provide a mapping from INodeId to INode
Date Tue, 09 Apr 2013 15:06:17 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4434?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13626689#comment-13626689
] 

Daryn Sharp commented on HDFS-4434:
-----------------------------------

bq.  Exception might print the regular path corresponding to a given inode ID. Do you see
any issue with it?
Yes.  In some environments, the path name itself might be enough to divulge sensitive information.
 There are two cases to consider:
# If a directory allows listing, but child paths are not readable, then allowing arbitrary
inode resolution is ok because the user could see the paths anyway.
# If the directory denies access, then we should ensure that no operation will expose the
path names because the user isn't supposed to be able to see them.

bq.  the exception will not give you any an additional info as long *as the exception does
not returns the full path*
Yes, exactly my concern, per #2 above.  Some operations appear to check preconditions before
using the permission checker, or resolve before checking safemode - and then throw exceptions
with the resolved path.  Ex. mkdir, append, lease recovery, completeFile, rename, delete,
and probably others will divulge paths.

Concat doesn't appear to handle inode paths.  Does lease renewal work for inode paths?
                
> Provide a mapping from INodeId to INode
> ---------------------------------------
>
>                 Key: HDFS-4434
>                 URL: https://issues.apache.org/jira/browse/HDFS-4434
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: namenode
>    Affects Versions: 3.0.0
>            Reporter: Brandon Li
>            Assignee: Suresh Srinivas
>         Attachments: HDFS-4434.patch, HDFS-4434.patch, HDFS-4434.patch, HDFS-4434.patch,
HDFS-4434.patch, HDFS-4434.patch, HDFS-4434.patch, HDFS-4434.patch, HDFS-4434.patch, HDFS-4434.patch,
HDFS-4434.patch, HDFS-4434.patch, HDFS-4434.patch, HDFS-4434.patch, HDFS-4434.patch, HDFS-4434.patch,
HDFS-4434.patch
>
>
> This JIRA is to provide a way to access the INode via its id. The proposed solution is
to have an in-memory mapping from INodeId to INode. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message