hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enis Soztutar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-15132) Master region merge RPC should authorize user request
Date Thu, 21 Jan 2016 18:51:39 GMT

    [ https://issues.apache.org/jira/browse/HBASE-15132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15111080#comment-15111080
] 

Enis Soztutar commented on HBASE-15132:
---------------------------------------

bq. I am not aware of use case which needs the post hook. When the requirement comes, we can
add later.
We should stick with the standard coprocessor pattern. Always add preXXX() and postXXX() please.


I think the method name should be preDispatchMerge() or preDispatchRegionMerge(). We already
have preMerge() in the regionserver coprocessor. 

> Master region merge RPC should authorize user request
> -----------------------------------------------------
>
>                 Key: HBASE-15132
>                 URL: https://issues.apache.org/jira/browse/HBASE-15132
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Ted Yu
>            Assignee: Ted Yu
>         Attachments: HBASE-15132.v1.patch, HBASE-15132.v2.patch
>
>
> The normal flow for region merge is:
> 1. client sends a master RPC for dispatch merge regions
> 2. master moves the regions to the same regionserver
> 3. master calls mergeRegions RPC on the regionserver. 
> For user initiated region merge, MasterRpcServices#dispatchMergingRegions() is called
by HBaseAdmin.
> There is no coprocessor invocation in step 1.
> Step 3 is carried out in the "hbase" user context.
> This leaves potential security hole - any user without proper authorization can merge
regions of any table.
> Thanks to Enis who spotted this flaw first.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message