hbase-dev mailing list archives

From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-12536) Reduce the effective scope of GLOBAL CREATE and ADMIN permission
Date Wed, 19 Nov 2014 16:58:34 GMT
Andrew Purtell created HBASE-12536:

             Summary: Reduce the effective scope of GLOBAL CREATE and ADMIN permission
                 Key: HBASE-12536
                 URL: https://issues.apache.org/jira/browse/HBASE-12536
             Project: HBase
          Issue Type: Bug
          Components: security
            Reporter: Andrew Purtell
            Assignee: Andrew Purtell
             Fix For: 2.0.0, 0.99.2, 0.98.8

The current implementation of the AccessController grants users with *GLOBAL* CREATE or ADMIN
privilege implicit write access to the META and ACL tables, so when a new table is created
new entries can be added to META and ACL appropriately in the pre and post handlers with the
credentials supplied in the RPC context. Although any user with GLOBAL CREATE or ADMIN is
already superuser-like in many respects, the implicit write privilege is an artifact of implementation
that should be changed. We can remove the implicit write access. After doing so, users with
GLOBAL CREATE will not be able to elevate their privileges unexpectedly through direct access
to the ACL table. A GLOBAL ADMIN will still correctly be allowed to grant themselves any
desired privilege.

This issue was discovered and raised by [~devaraj] on private@hbase as a potential security
issue and was included in the 0.98.8 release prior to the filing of this JIRA.

I've set the priority of this issue only at 'Major' since it only affects users with GLOBAL
CREATE or ADMIN privilege. GLOBAL ADMIN is already a superuser, and GLOBAL CREATE likewise
should already also be considered superuser-lite access and sparingly granted to trusted personnel.

This message was sent by Atlassian JIRA
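
The permission check described in the issue, as an added toy model that is not part of the original message and is not HBase code. The class and function names, the user names, and the use of `hbase:meta` / `hbase:acl` as the META and ACL table names are assumptions of the model; it compares the decision with and without the implicit write access.

```python
# Toy model of the permission check described in HBASE-12536.
# Not HBase code: every class and function name here is hypothetical.
from dataclasses import dataclass, field

SYSTEM_TABLES = {"hbase:meta", "hbase:acl"}  # stand-ins for the META and ACL tables


@dataclass
class AclModel:
    implicit_system_write: bool  # True models the behaviour the issue describes
    global_perms: dict = field(default_factory=dict)  # user -> set of GLOBAL actions

    def authorize(self, user, table, action):
        held = self.global_perms.get(user, set())
        if action in held:
            return True  # explicit GLOBAL grant of this action
        # The implementation artifact: GLOBAL CREATE or ADMIN implies WRITE
        # on the system tables.
        if (self.implicit_system_write and action == "WRITE"
                and table in SYSTEM_TABLES and held & {"CREATE", "ADMIN"}):
            return True
        return False

    def grant(self, caller, target, action):
        """Supported path: only a GLOBAL ADMIN may change permissions."""
        if not self.authorize(caller, "hbase:acl", "ADMIN"):
            raise PermissionError(f"{caller} lacks GLOBAL ADMIN")
        self.global_perms.setdefault(target, set()).add(action)

    def direct_acl_put(self, caller, target, action):
        """A plain client write to the ACL table, bypassing grant()."""
        if not self.authorize(caller, "hbase:acl", "WRITE"):
            raise PermissionError(f"{caller} cannot write hbase:acl")
        self.global_perms.setdefault(target, set()).add(action)


def create_user_can_escalate(implicit_system_write):
    """Does a GLOBAL CREATE user end up with ADMIN via a direct ACL write?"""
    acl = AclModel(implicit_system_write, {"carol": {"CREATE"}})  # constructed user
    try:
        acl.direct_acl_put("carol", "carol", "ADMIN")
    except PermissionError:
        pass
    return "ADMIN" in acl.global_perms["carol"]


def admin_can_self_grant(implicit_system_write):
    """A GLOBAL ADMIN keeps the supported grant path in both configurations."""
    acl = AclModel(implicit_system_write, {"root": {"ADMIN"}})  # constructed user
    acl.grant("root", "root", "WRITE")
    return "WRITE" in acl.global_perms["root"]
```
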
