hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enis Soztutar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-15132) Master region merge RPC should authorize user request
Date Fri, 22 Jan 2016 19:28:39 GMT

    [ https://issues.apache.org/jira/browse/HBASE-15132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15112925#comment-15112925

Enis Soztutar commented on HBASE-15132:

I was checking why we are not wrapping the post call with doAs() as well. I think the doAs
in the pre is not needed at all, since the handler is already in user context, no? 

> Master region merge RPC should authorize user request
> -----------------------------------------------------
>                 Key: HBASE-15132
>                 URL: https://issues.apache.org/jira/browse/HBASE-15132
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Ted Yu
>            Assignee: Ted Yu
>         Attachments: HBASE-15132-branch-1.v6.patch, HBASE-15132.v1.patch, HBASE-15132.v2.patch,
HBASE-15132.v4.patch, HBASE-15132.v5.patch, HBASE-15132.v6.patch
> The normal flow for region merge is:
> 1. client sends a master RPC for dispatch merge regions
> 2. master moves the regions to the same regionserver
> 3. master calls mergeRegions RPC on the regionserver. 
> For user initiated region merge, MasterRpcServices#dispatchMergingRegions() is called
by HBaseAdmin.
> There is no coprocessor invocation in step 1.
> Step 3 is carried out in the "hbase" user context.
> This leaves potential security hole - any user without proper authorization can merge
regions of any table.
> Thanks to Enis who spotted this flaw first.

This message was sent by Atlassian JIRA

View raw message