hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HBASE-13768) ZooKeeper znodes are bootstrapped with insecure ACLs in a secure configuration
Date Mon, 25 May 2015 17:05:17 GMT

    [ https://issues.apache.org/jira/browse/HBASE-13768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14558391#comment-14558391
] 

Andrew Purtell edited comment on HBASE-13768 at 5/25/15 5:04 PM:
-----------------------------------------------------------------

The incorrect ACLs can be fixed with immediate effect using the following zkcli commands executed
under the HBase service principal's credentials:

{noformat}
    setAcl /hbase world:anyone:r,sasl:hbase:cdrwa
    setAcl /hbase/backup-masters sasl:hbase:cdrwa
    setAcl /hbase/draining sasl:hbase:cdrwa
    setAcl /hbase/flush-table-proc sasl:hbase:cdrwa
    setAcl /hbase/hbaseid world:anyone:r,sasl:hbase:cdrwa
    setAcl /hbase/master world:anyone:r,sasl:hbase:cdrwa
    setAcl /hbase/meta-region-server world:anyone:r,sasl:hbase:cdrwa
    setAcl /hbase/namespace sasl:hbase:cdrwa
    setAcl /hbase/online-snapshot sasl:hbase:cdrwa
    setAcl /hbase/region-in-transition sasl:hbase:cdrwa
    setAcl /hbase/recovering-regions sasl:hbase:cdrwa
    setAcl /hbase/replication sasl:hbase:cdrwa
    setAcl /hbase/rs sasl:hbase:cdrwa
    setAcl /hbase/running sasl:hbase:cdrwa
    setAcl /hbase/splitWAL sasl:hbase:cdrwa
    setAcl /hbase/table sasl:hbase:cdrwa
    setAcl /hbase/table-lock sasl:hbase:cdrwa
    setAcl /hbase/tokenauth sasl:hbase:cdrwa
{noformat}

Note that not all of these znodes exist in an 0.98 deployment, so ensure you have spelled
the znode correctly and otherwise ignore any 'not found' errors there. 

Without a logic fix, insecure ACLs will return should znodes be cleared or the code used to
bootstrap another cluster.


was (Author: apurtell):
The incorrect ACLs can be fixed with immediate effect using the following zkcli commands:

{noformat}
    setAcl /hbase world:anyone:r,sasl:hbase:cdrwa
    setAcl /hbase/backup-masters sasl:hbase:cdrwa
    setAcl /hbase/draining sasl:hbase:cdrwa
    setAcl /hbase/flush-table-proc sasl:hbase:cdrwa
    setAcl /hbase/hbaseid world:anyone:r,sasl:hbase:cdrwa
    setAcl /hbase/master world:anyone:r,sasl:hbase:cdrwa
    setAcl /hbase/meta-region-server world:anyone:r,sasl:hbase:cdrwa
    setAcl /hbase/namespace sasl:hbase:cdrwa
    setAcl /hbase/online-snapshot sasl:hbase:cdrwa
    setAcl /hbase/region-in-transition sasl:hbase:cdrwa
    setAcl /hbase/recovering-regions sasl:hbase:cdrwa
    setAcl /hbase/replication sasl:hbase:cdrwa
    setAcl /hbase/rs sasl:hbase:cdrwa
    setAcl /hbase/running sasl:hbase:cdrwa
    setAcl /hbase/splitWAL sasl:hbase:cdrwa
    setAcl /hbase/table sasl:hbase:cdrwa
    setAcl /hbase/table-lock sasl:hbase:cdrwa
    setAcl /hbase/tokenauth sasl:hbase:cdrwa
{noformat}

Note that not all of these znodes exist in an 0.98 deployment, so ensure you have spelled
the znode correctly and otherwise ignore any 'not found' errors there. 

Without a logic fix, insecure ACLs will return should znodes be cleared or the code used to
bootstrap another cluster.

> ZooKeeper znodes are bootstrapped with insecure ACLs in a secure configuration
> ------------------------------------------------------------------------------
>
>                 Key: HBASE-13768
>                 URL: https://issues.apache.org/jira/browse/HBASE-13768
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Andrew Purtell
>            Assignee: Enis Soztutar
>            Priority: Blocker
>             Fix For: 2.0.0, 0.98.13, 1.0.2, 1.2.0, 1.1.1, 0.98.12.1, 1.0.1.1, 1.1.0.1
>
>
> A logic error causes HBase in most secure configuration deployments to handle its coordination
state in ZooKeeper via insecure ACLs. Anyone with remote unauthenticated network access to
the ZooKeeper quorum, which by definition includes all HBase clients, can make use of this
opening to violate the operational integrity of the system. For example, critical znodes can
be deleted, causing outages. It is possible to introduce rogue replication endpoints. It is
possible to direct the distributed log splitting facility to split arbitrary files in HDFS.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message