hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ted Yu (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HBASE-19483) Add proper privilege check for rsgroup commands
Date Wed, 13 Dec 2017 18:00:00 GMT

    [ https://issues.apache.org/jira/browse/HBASE-19483?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16289639#comment-16289639
] 

Ted Yu edited comment on HBASE-19483 at 12/13/17 5:59 PM:
----------------------------------------------------------

The rs group hooks from AccessController.java would be migrated to RSGroupAdminEndpoint which
does the permission checking.

w.r.t. 1.4, even if this migration is not done, the new hooks in Guangxu's patch should be
added to AccessController to plug security hole.




was (Author: yuzhihong@gmail.com):
The rs group hooks from AccessController.java would be migrated to RSGroupAdminEndpoint which
does the permission checking.

w.r.t. 1.4, even if this migration is not done, the new hooks in Guangxu's patch should be
added to plug security hole.



> Add proper privilege check for rsgroup commands
> -----------------------------------------------
>
>                 Key: HBASE-19483
>                 URL: https://issues.apache.org/jira/browse/HBASE-19483
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Ted Yu
>            Assignee: Guangxu Cheng
>             Fix For: 2.0.0-beta-1
>
>         Attachments: HBASE-19483.master.001.patch, HBASE-19483.master.002.patch, HBASE-19483.master.003.patch
>
>
> Currently list_rsgroups command can be executed by any user.
> This is inconsistent with other list commands such as list_peers and list_peer_configs.
> We should add proper privilege check for list_rsgroups command.
> privilege check should be added for get_table_rsgroup / get_server_rsgroup / get_rsgroup
commands.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message