hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Haohui Mai (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HDFS-5923) Do not persist the ACL bit in the FsPermission
Date Wed, 12 Feb 2014 21:54:23 GMT

     [ https://issues.apache.org/jira/browse/HDFS-5923?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Haohui Mai updated HDFS-5923:
-----------------------------

    Attachment:     (was: HDFS-5923.002.patch)

> Do not persist the ACL bit in the FsPermission
> ----------------------------------------------
>
>                 Key: HDFS-5923
>                 URL: https://issues.apache.org/jira/browse/HDFS-5923
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: hdfs-client, namenode, security
>    Affects Versions: HDFS ACLs (HDFS-4685)
>            Reporter: Haohui Mai
>            Assignee: Haohui Mai
>         Attachments: HDFS-5923.000.patch, HDFS-5923.001.patch, HDFS-5923.002.patch, HDFS-5923.003.patch
>
>
> The current implementation persists and ACL bit in FSImage and editlogs. Moreover, the
security decisions also depend on whether the bit is set.
> The problem here is that we have to maintain the implicit invariant, which is the ACL
bit is set if and only if the the inode has AclFeature. The invariant has to be maintained
everywhere otherwise it can lead to a security vulnerability. In the worst case, an attacker
can toggle the bit and bypass the ACL checks.
> The jira proposes to treat the ACL bit as a transient bit. The bit should not be persisted
onto the disk, neither it should affect any security decisions.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message